No data to display.

21-year-old hacked T-Mobile’s systems to gain attention, says “Their security is awful”

By Yashasvini on Aug 27, 2021 | 03:37 AM IST

tmobile.jpg


Wall Street Journal reported that the hacker broke into T-Mobile US Inc.’s systems said the wireless company’s lax security eased his path into a cache of records with personal details on more than 50 million people and counting.

The 21-year-old American hacker accepted responsibility for the attack and communicated with WSJ via a Telegram chat. John Binns moved to Turkey a few years ago. He said that he managed to cut through the company’s defenses after discovering in July an unprotected router exposed on the internet.

The young hacker said he wanted to gain attention, but refrained from saying whether he had sold any of the stolen data or was paid to breach T-Mobile. “Generating noise was one goal,” he wrote.

He told WSJ that he had been scanning T-Mobile’s known internet addresses for weak spots using a simple tool available to the public.

The entry point to hacking into the cellphone carrier’s data center was located outside East Wenatchee, Washington, where he accessed more than 100 servers using the stored.

“Their security is awful,” he told WSJ.

It took him a week to get into the servers that contained personal data about the carrier’s former and current customers, adding that the hack lifted troves of data around Aug. 4.

The WSJ report also mentioned that public details of the hack and reports of previous T-Mobile breaches showed the carrier’s security needed improvement. Many of the records reported stolen were from prospective clients or former customers long gone.

T-Mobile confirmed the data breach on Sunday after U.S.-based digital media outlet Vice first reported that a seller had posted on an underground forum offering for sale some private data, including social security numbers from a breach at T-Mobile servers.

The seller said that the data included 30 million social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver's licenses information. They were selling it for 6 bitcoin or nearly $270,000.

The wireless carrier said it had repaired the security hole that enabled the breach. “We are confident that we have closed off the access and egress points the bad actor used in the attack,” it said in a statement.

Picture Credits: Wall Street Journal

Stock View