Data breach at T-Mobile US: Hacker exploited devastating security hole


A hacker has claimed responsibility for the latest break into T-Mobile US’s servers, in which over 50 million customer data was stolen. The system made it easy for him, explained John Binns. For example, he was able to crack the defense mechanisms of the US telecom subsidiary after discovering an unprotected router on the Internet. To do this, he simply searched T-Mobile’s well-known Internet address for vulnerabilities using a publicly accessible tool.

“Your security is terrible,” the hacker admitted in a letter to the Writing to the Wall Street Journal. Binns did not want to say whether he sold the stolen data or was paid for the theft. Security experts told the WSJ that much of the stolen data came from potential or former customers. According to ex-NSA general counsel Glenn Gerstell, this is not a sign of proper data management at T-Mobile.

As reported by the Wall Street Journal, John Binns appears on the Internet under the names IRDev and v0rtex. The cyber experts at UNIT 221B assume that the person behind the alias IRDev is responsible for the T-Mobil hack. Security researchers also stated that several online profiles associated with Binns are linked to groups of young gamers who create botnets to take websites offline.

In mid-August, T-Mobile in the USA had unauthorized access to data from the mobile operator. Initially, around 100 million customer data records were offered for sale on the Darknet, which allegedly were customer data from the US Telecom subsidiary. A little later, T-Mobile US confirmed that sensitive data from 7.8 million contract or postpaid customers had been stolen, including names, addresses, social security numbers, dates of birth, telephone numbers, as well as driver’s license and ID card numbers and IMEI numbers from smartphones.

There is no evidence that personal financial information, card numbers or passwords have been stolen, the company said. Last week, T-Mobile began to notify the affected customers. On his Info page The company has been providing McAfee identity protection services for two years and is reminding customers to update passwords and PIN codes regularly to ensure security. However, this should not help much against the system-internal problems.

One is confident that the security gap has now been closed, it says in one Statement from T-Mobile. In addition, a long-term partnership has been entered into with the cybersecurity experts from Mandiant and the consulting firm KPMG.

Recently, T-Mobile US had Timothy Youngblood, the manager of McDonald’s Corp. hired to oversee the company’s cybersecurity efforts. He succeeds Bill Boni, longtime head of information security, who has been retired since June. T-Mobile US achieved sales of $ 68.4 billion in 2020.


To home page