T-Mobile's 'awful' security led to huge data breach that's getting bigger by the day
Before T-Mobile was probably even aware of its latest (and unfortunately, greatest ever) security breach, a treasure trove of data purportedly swiped from as many as 100 million people went up for sale online.
While there's no indication anyone actually ended up buying said illegally obtained information, the man (or should we say boy?) behind the cyber-attack since confirmed to have violated the privacy of at least 53 million current, past, and prospective T-Mo customers remains committed to damaging the "Un-carrier's" public image.
The hack was not as complicated as you might think
Look, everyone is vulnerable in the face of a sophisticated enough "bad actor" or hacking group. Wireless service providers, social media giants, search giants, federal governments, eve-ry-one.
But although that's a simple 21st century fact we all need to learn to accept and live with, what may not be so easy to swallow for the 53 million+ aforementioned people is hearing a 21-year-old describe just how effortlessly he was able to hit the jackpot.
Born in the US and raised in Northern Virginia by his Turkish mother, John Binns (which, believe it or not, is not a fake name) reached out to the Wall Street Journal to, well, get some attention after discovering an "unprotected router exposed on the internet" just last month.
Incredibly enough, the discovery was made with the help of a "simple tool available to the public", relatively quickly leading to the unauthorized access of more than 100 servers containing all the information that's now compromised for good.
We're talking everything from phone numbers to IMEI and IMSI data, as well as customer names, birth dates, Social Security numbers, addresses, and driver's license/ID information, which was all stored together for some reason for current, former, and even just "prospective" T-Mobile subscribers.
With all of that in mind, it's easy to understand why the aspiring hacker who single-handedly managed to penetrate all of Magenta's protections in the space of a few weeks views the company's security as an embarrassment.
What's perhaps even more embarrassing is that the mobile network operator's "awful" security doesn't appear to have improved on the heels of not one but two other data breaches (of smaller proportions) revealed in the last couple of years alone.
Even more people than previously reported were impacted
First, there were 47.8 million current, former, and prospective T-Mobile customers confirmed as compromised to a degree or another. Then, the "Un-carrier" extended the scope of the attack by including even more types of data believed to be stolen, as well as an additional 6 million or so accounts.
Now the tally is growing with an unknown value as an unspecified number of business customers are also confirmed (via Fierce Wireless) as victims of this recent mega-hack.
The good news is that T-Mo still has no reason to believe any sort of financial, credit card, debit, or other payment information pertaining to personal or business accounts has been compromised, although as the ongoing investigation progresses, that could obviously change at any time.
The bad news is the types of impacted business information are sensitive enough to cause some serious damage, including everything from business names to federal tax IDs, addresses, contact names, and business phone numbers, not to mention personal data ranging from names to drivers' licenses, government identification numbers, SSNs, birth dates, addresses, phone numbers, and last but not least, IMEI and IMSI numbers.
In short, this is bad, nay, "awful", and it's only getting worse as more information comes to light. For what it's worth, T-Mobile is "confident" that the "bad actor's" access to its internal systems has been closed off, and oh, look, there's an Apple TV+ freebie to distract you from this huge scandal.
Things that are NOT allowed: