Hackers claim to breach 100 million T-Mobile accounts
Source: Fortune
T-Mobile appears to be the victim of a massive data breach, with the hackers looking to sell personal data online for 100 million people.
In a forum post, the hackers say they collected phone numbers, physical addresses, and drivers license information for the larger group, as well as roughly 30 million Social Security numbers. Motherboard, which first reported the hack, says it has confirmed the authenticity of the data, noting it matches the information of T-Mobile customers.
T-Mobile did not respond to Fortunes request for comment.While the initial post does not mention the cellular company, the hackers told Motherboard the data came from T-Mobile.
The asking price for a subset of the personal information (the Social Security and drivers license data) is six Bitcoin, roughly $270,000. The remainder of the accounts are reportedly being sold privately.
Read more: https://fortune.com/2021/08/16/tmobile-data-breach-2021-t-mobile/
I just heard a "Oh by the way, T-Mobile is investigating a large breach" story on the radio about 10 minutes ago.
I have been a Sprint customer for 20 years and of course T-Mobile merged with Sprint, and has been slowly migrating people over, although I don't think my account has been completely migrated over to their system yet (they have mainly "rebranded" the Sprint account site). I have one phone with a Sprint SIM (with T-Mobile whining about my moving to theirs eventually) and the other with a T-Mobile SIM (the phone I bought last October, about 6 months after the April 2020 merger completion announcement).
ETA- the source the media are using is from Motherboard mag (owned by Vice now) -
by Joseph Cox
August 15, 2021, 11:03am
T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn't mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers.
The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
"T-Mobile USA. Full customer info," the seller told Motherboard in an online chat. The seller said they compromised multiple servers related to T-Mobile.
(snip)
On the underground forum the seller is asking for 6 bitcoin, around $270,000, for a subset of the data containing 30 million social security numbers and driver licenses. The seller said they are privately selling the rest of the data at the moment. "I think they already found out because we lost access to the backdoored servers," the seller said, referring to T-Mobile's potential response to the breach.
More: https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million
honest.abe
(8,688 posts)This might be a scam.
Sherman A1
(38,958 posts)Many years ago.
BumRushDaShow
(129,875 posts)at the rebranded Sprint store near me and added it to my Sprint account, I provided a driver's license for proof of being the owner of my account.
I don't recall about SS # but if you make any changes to any cell service (at least "in person" ), I would expect they need to verify you are you.
I think they verify in other ways when doing it online.
honest.abe
(8,688 posts)Its been a few years.
BumRushDaShow
(129,875 posts)so I get that.
(I often got forced to because they would stop the PRL updates and/or whine about no longer using that phone's frequency for service)
PSPS
(13,628 posts)Ron Obvious
(6,261 posts)My plan has now been grandfathered in as a pay-as-you-go 10c/minute plan and I'm pretty sure I never gave them any of that information. I gave them an email address, which I didn't particularly like, but they don't need any of that other information and I'd refuse to give it them. This sort of thing shows why I was right in that.
Merlot
(9,696 posts)"Unfortunately, T-Mobile has stopped. OK"
It greys out the phone, I hit "ok" and have about 2 seconds to do anything before it appears again. I'm receiving texts and calls, and was even able to call t-mobile on my phone to discuss the problem. No one at t-mobile has heard of this happening and they don't know how to fix it.
I wonder if this is related?
bucolic_frolic
(43,442 posts)regnaD kciN
(26,045 posts)Longtime Sprint customers, recently migrated to T-Mobile. I doubt that makes us immune.
BumRushDaShow
(129,875 posts)and my Sprint phone still works fine so far. I am prepping to deal with the changeover though since, for example, Sprint had a free Hulu (ad-supported) sub when I got my Note 9 and T-Mobile doesn't have that but offers Netflix. Just more hassle to work out rejiggering my account.
aggiesal
(8,941 posts)drivers license information or Social Security numbers to T-Mobile.
Maybe this is from their employees.
Baltimike
(4,148 posts)I bet this was what it was about
sybylla
(8,533 posts)They just sent me a new sim last month. Before that my service was shite. I wanted to order a new phone early September. Now, I might be changing phone companies.
Not that any of them are immune, though, but JFC. I wish the penalties were high for this kind of slip-shod privacy breeches. Corporations would do a better job of protecting that info if they were.
C Moon
(12,225 posts)I'm logged in on my T-Mobile app, and it keeps kicking me out when I try to access my profile to change the password.
Request Timed Out or one said, "Service Unavailable. Uh oh, it looks like we have our wires crossed. Please try again later."
I guess that means they're working on it. Hopefully.
Not too happy about this.
BumRushDaShow
(129,875 posts)13 years ago and I love it as a news aggregation site!!
(and I have watched your "moons" change over the years )
TheBlackAdder
(28,240 posts)electric_blue68
(14,986 posts)T-Mobile is what I've had since I got my first smartphone just as lockdown was starting in NYC. Previously was a pay-as-go basic cell whose battery was getting too hard to find.
getagrip_already
(14,934 posts)They have known about this problem for a while. If a reporter was able to contact the hackers, get enough data to verify (contact names on the list and verify they were t-mobile customers), and were told the hackers lost access, that would mean t-mobile has known for a while (at least a full week).
No notification to customers. No acknowledgement. No information whatsoever.
Nice ethics they have there.