Personal data of 100 million T-Mobile subscribers is stolen and put up for sale
T-Mobile, the nation's second-largest carrier, is investigating a data breach that reportedly affects more than 100 million people who use the wireless provider. Vice reports that a forum post is offering to sell personal data that comes from T-Mobile's servers according to the seller. The data allegedly includes phone numbers, social security numbers, names, addresses, and the unique IMEI numbers that each handset has.
Other data stolen includes driver's license information. Motherboard says that it has viewed the data being sold and confirms that it is legitimate information coming from T-Mobile customers. The seller of the data in a chat with Motherboard wrote, "T-Mobile USA. Full customer info." The seller explained that they were able to steal the data from multiple T-Mobile servers.
So what is the going price for stolen data that belongs to T-Mobile customers? The seller was asking for 6 bitcoins valued at approximately $280,000. At that price, you could purchase data related to 30 million social security numbers and drivers licenses. The seller added that the attackers had lost access to the "backdoored servers" leading him to believe that T-Mobile had already discovered the data theft.
Reportedly, the data belonging to 100 million T-Mobile customers has been stolen and is up for sale
T-Mobile released a statement that said, "We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time."
Even though the attackers have been kicked out of the servers, the group had already downloaded the data. "It's backed up in multiple places," said the seller. There is still the possibility that this is a bluff and that the size of the breach has been exaggerated, or that the data that Motherboard was willing to vouch for came from an earlier data breach.
This isn't the first time that T-Mobile has been hit by a data breach. In March 2020, a group referred to as "sophisticated hackers" was able to obtain some personal data belonging to some T-Mobile customers before the carrier's cybersecurity team was able to shoot them down.
T-Mobile subscribers should continue to monitor this story and if we have any additional news to report, we will update this story.
Things that are NOT allowed: