Hackers take credit for 54 million T-Mobile data breach and call security "terrible"

Hackers take credit for 54 million T-Mobile data breach and call security "terrible"

The hacker who claims to be responsible for last week's T-Mobile information breach that leaked the personal information of 54 million people told the Wall Street Journal today (August 26) that the company's "security is terrible.

John Binns, a 21-year-old American living in Turkey, his mother's homeland, found an unprotected T-Mobile router online in July and used it on August 4 to hack into 100 T-Mobile data centers in central Washington state containing personal data of current and former customers. He told the paper that he hacked into more than 100 servers containing personal data of current and former customers at T-Mobile's data center in central Washington state.

"I was panicking because I had access to something big," Binns told the Journal in a conversation on the encrypted messaging platform Telegram.

According to the Journal, a series of personal questions confirmed Binns' identity, and the Telegram account he used provided details of the T-Mobile hack before it became public.

Binns would not tell the Journal whether he sold the stolen data or was paid to attack T-Mobile.

This is T-Mobile's fifth or sixth data breach in the past three years. Because of this dismal track record, if you value your personal information, you may want to consider taking your business elsewhere.

The breach came to light on August 15 when a hacker offered to sell some of the data on 30 million T-Mobile customers for 6 bitcoins (about $280,000) at a cybercriminal forum. The Journal suggested that the seller may not have been Binns.

More than 54 million current, former, and prospective T-Mobile customers were affected, most of whom had their full names, dates of birth, Social Security numbers, and current or former addresses compromised.

These four pieces of personal information are often all that is needed to open an account in someone else's name, putting the affected individuals at serious risk of identity theft.

Binz told the Journal that his attack on T-Mobile was to "generate noise," but added that he was persecuted by U.S. government agents while in Germany. Binz sued the CIA, FBI, and other federal agencies last year, the Journal said.

According to Bleeping Computer, when the data breach was first revealed, an apparent hacker or hackers told an Israeli security researcher that the attack "was carried out by CIA and Turkish agents in Germany in 2019 when John Erin Binns (CIA Raven-1) was carried out in retaliation against the U.S. for his kidnapping and torture."

According to the Journal, Binns appears to be one of many individuals involved in the Mirai botnet attack that shut down Internet access for much of the East Coast of the US on October 21, 2016.

T-Mobile is offering two years of identity theft protection and credit monitoring free of charge to those affected by this breach; anyone who has signed up for a T-Mobile account should take advantage of this offer and, if possible, freeze their credit file. freeze their credit files, if possible.

Categories