Cybercriminal allegedly stole data of 100 million T-mobile customers
U.S. telecom giant T-Mobile is investigating a report of the customer data breach that reportedly affects 100 million customers. Threat actor claimed on a hacking forum to be selling a subset of data with 30 million social security numbers and driver licenses for six bitcoin (approximately $287,000 at current prices). The hacker is also selling access to the rest of the data privately.
Database allegedly contains social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver license information. As the hacker said, the entire IMEI history database going back to 2004 was stolen.
While the dark web forum post does not state the origins of the data, the hacker said in an online chat that he had compromised production, staging, and development T-Mobile servers and had “full customer info”.
To prove the breach of T-Mobile’s servers, the threat actor shared a screenshot of an SSH connection to a production server running Oracle. Hacker said he never contacted the company to demand ransom and decided to sell it on forums with already interested buyers.
“We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time,” said T-Mobile.