21-year-old hacked T-Mobile’s systems to gain attention, says “Their security is awful”
By Yashasvini on Aug 27, 2021 | 03:37 AM IST
Wall Street Journal reported that the hacker broke into T-Mobile US Inc.’s systems said the wireless company’s lax security eased his path into a cache of records with personal details on more than 50 million people and counting.
The 21-year-old American hacker accepted responsibility for the attack and communicated with WSJ via a Telegram chat. John Binns moved to
Turkey a few years ago. He said that he managed to cut through the company’s defenses after discovering in July an unprotected router exposed on the internet.
The young hacker said he wanted to gain attention, but refrained from saying whether he had sold any of the stolen data or was paid to
breach T-Mobile. “Generating noise was one goal,” he wrote.
He told WSJ that he had been scanning T-Mobile’s known internet addresses for weak spots using a simple tool available to the public.
The entry point to hacking into the cellphone carrier’s data
center was located outside East Wenatchee, Washington, where he accessed more
than 100 servers using the stored.
“Their security is awful,” he told WSJ.
It took him a week to get into the servers that contained personal data about the carrier’s former and current customers, adding that the hack lifted troves of data around Aug. 4.
The WSJ report also mentioned that public details of the hack and reports of previous T-Mobile breaches showed the carrier’s security needed improvement. Many of the records reported stolen were from prospective clients or former customers long gone.
T-Mobile confirmed the data breach on Sunday after U.S.-based
digital media outlet Vice first reported that a seller had posted on an
underground forum offering for sale some private data, including social
security numbers from a breach at T-Mobile servers.
The seller said that the data included 30 million social security numbers, phone numbers, names, physical addresses, unique IMEI
numbers, and driver's licenses information. They were selling it for 6 bitcoin
or nearly $270,000.
The wireless carrier said it had repaired the security hole that enabled the breach. “We are confident that we have closed off the access and
egress points the bad actor used in the attack,” it said in a statement.
Picture Credits: Wall Street Journal