A day later, T-Mobile confirmed it had been breached.
T-Mobile provided a statement at the time saying it was investigating the hack against its company. At the time Motherboard spoke to the person selling the data including SSNs and obtained samples of the data which confirmed the hacker had accurate information on T-Mobile customers. Motherboard first revealed news of the breach mentioned in the court document several days after the specific RaidForums threads mentioned. Image: Motherboard.Ĭompany 3, the unnamed telecommunications firm that hired this third-party, was T-Mobile, according to Motherboard’s review of the timeline and information included in the court records. The document says that “it appears the co-conspirators continued to attempt to sell the databases after the third-party’s purchase.”Ī screenshot of the court document. The purpose of the deletion would be that this undercover customer would be the only one with a copy of the stolen information, greatly limiting the chance of it leaking out further. That employee then purchased the entire database for around $150,000, with the caveat that SubVirt would delete their copy of the data, it adds. The document goes on to say that this company “hired a third-party to purchase exclusive access to the database to prevent it being sold to criminals.” An employee of this third party posed as a potential buyer and used the RaidForums’ administrator’s middleman service to buy a sample of the data for $50,000 in Bitcoin, the document reads.
The document does not name the victim company, instead referring to it as Company 3, but says another post confirmed that the data belonging to “a major telecommunications company and wireless network operator that provides services in the United States.
The FCC already announced it’s investigating the incident, and at least one class-action lawsuit has been filed against T-Mobile, calling its response and promised two years of identity protection services “inadequate.” The investigation is still ongoing, but T-Mobile customers (current, former, or just prospective ones who filled out an application) can go here for more information.“On or about August 11, 2021, an individual using the moniker ‘SubVirt’ posted on the RaidForums website an offer to sell recently hacked data with the following title: ‘SELLING-124M-U-S-A-SSN-DOB-DL-database-freshly-breached.’” Later, Subvirt changed the thread title to “SELLING 30M SSN + DL + DOB database,” the document continues. Former Sprint prepaid and Boost Mobile customers are still in the clear, however, 52,000 names tied to Metro by T-Mobile accounts were stolen.Īn unspecified number of files contained “phone numbers, IMEI, and IMSI numbers.” According to T-Mobile that did not include any personally identifiable information, which is a questionable claim since it could be easy to tie someone’s identity to their phone number based on other leaked data or simply browsing publicly available listings. The same goes for an additional 667,000 accounts of former T-Mobile subscribers that are being added to the total.
#T mobile security breach license#
That kind of data could be used to track mobile devices or assist in SIM swapping attacks where someone hijacks your phone number to intercept two-factor authentication codes or other information.Īdditionally, 5.3 million more postpaid customers have also been identified as part of the breach, but without revealing their driver’s license / ID or Social Security numbers. IMSI stands for International Mobile Subscriber Identity and is the identifier for the SIM card to which your mobile phone number is tied. More than 50 million people have been included in the breach
0 kommentar(er)
