Potential T—Mobile Data Breach Could Affect 100 Million Customers - What You Can

Potential T—Mobile Data Breach Could Affect 100 Million Customers - What You Can

Update: This leak is even worse than we thought. Click here.

Data thieves allegedly stole 100 million customer information from T-Mobile customers, and the company has acknowledged that it is investigating the possible data breach.

"We are aware of the claims in underground forums and are actively investigating their validity," the company told Vice Motherboard. 'We have no additional information to share at this time.'

The thieves posted a for-sale sign on an online cybercriminal forum and demanded 6 bitcoins (about $284,000 in US dollars) for a portion of T-Mobile's data, which allegedly includes 30 million social security numbers and driver license numbers.

The seller told Vice Motherboard that the other 70 million people's data was sold privately. It all supposedly includes names, phone numbers, physical addresses, and IMEIs (mobile device IDs).

Bleeping Computer also contacted the seller after seeing the forum post, and said the data also includes the phone's IMSI (SIM card ID), the customer's date of birth, and the PIN number of the T-Mobile account.

Vice Motherboard said it has confirmed that the sample of data it saw is authentic. While it is not yet known for sure, the type of customer data stolen overlaps nicely with what T-Mobile admitted was stolen from its servers in the March 2021 incident.

If you are a T-Mobile customer, it would be best to change your account PIN and password immediately. [The apparent theft of Social Security numbers and dates of birth has put many people at serious risk. Remember, these services can be expensive.

Bleeping Computer noted that the posting did not mention that the data came from T-Mobile, even though the seller told both Bleeping Computer and Vice Motherboard so.

This is not the first time T-Mobile has responded to reports of a data breach. By our count, the company has been hacked three times in the past 18 months: in March 2021, December 2020, and March 2020. The company was also hacked in August 2018.

If you are serious about protecting your personal information, you may want to consider other wireless carriers with better track records.

T-Mobile confirmed in a statement to Bleeping Computer, Vice Motherboard, and ZDNet later Monday that an information breach had occurred, but could not confirm what was stolen or how many customers were affected.

"We have determined that unauthorized access to T-Mobile data has occurred, but we have not yet determined that any customer personal information is involved," the T-Mobile statement said.

"We are confident that the entry point used for the access has been closed and are continuing a detailed technical review of the situation across our systems to determine the nature of the unauthorized accessed data."

The seller of the stolen data told Bleeping Computer that T-Mobile's "entire IMEI history database dating back to 2004" was stolen.

The IMEI (International Mobile Equipment Identification Number) is a unique identification number given to all cell phones that have access to GSM-based cellular networks such as those operated by AT&T and T-Mobile.

Categories