T-mobile gets hacked


Wikimedia commons

Hoko, CC BY-SA 4.0 , via Wikimedia Commons

T-Mobile announced that its data had been breached by an unidentified source, most likely a hacker. The break-in left 50 million accounts of user-data info vulnerable to be sold on the darknet. The hacker has confirmed that this process is now underway for personal information of T-Mobile users such as name, data, dates of birth, social security numbers, addresses, and personal emails. As well as, International Mobile Equipment Identity (IMEI), a unique identification or serial number that all mobile phones and smartphones have.
Mike Sievert, CEO of T-Mobile has since apologized for the illegal data access into T-mobile servers he says, “Knowing that we failed to prevent this exposure is one of the hardest parts of this event.” Sievert is now having T-Mobile partner up with Mandiant and KPMG, two very well known cybersecurity companies, to help the company improve its cybersecurity.
A 21-year-old US citizen by the name of John Binns told The Wall Street Journal and Alon Gal, co-founder of cybercrime intelligence firm Hudson Rock, that he was the main culprit behind the attack. According to the Wall Street Journal, he had been searching for weaknesses in T-Mobile’s defenses through its internet addresses, and finally gained access to a data center near East Wenatchee, Washington where he had free range to explore more than 100 T-Mobile servers. From then on, it took him about one week to infiltrate the server’s databases that contained the personal data of millions of T-Mobile customers. By August 4th, Binns had stolen millions of files. He gave a statement to The Wall Street Journal saying, “I was panicking because I had access to something big. Their security is awful … Generating noise was one goal.”
In November, Binns filed a lawsuit in a Washington DC district court, against the FBI, CIA, and Justice Department. Which stated that he was being wrongfully investigated for multiple cybercrimes, and for allegedly being a member of the so-called Islamic State militant group, ISIS. He alleges that the Department of Justice, the CIA, and the FBI framed him into being someone he was not to play into their own narrative. “I have no reason to make up a fake kidnapping story and I’m hoping that someone within the FBI leaks information about that,” Binns explained in his messages to the Wall Street Journal. In the lawsuit Binns claims that the CIA broke into his homes and wiretapped his computers as part of a larger investigation into his alleged cybercrimes. Binns later said, in the same Wall Street Journal interview, “The breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns in Germany, by the CIA and Turkish intelligence agents in 2019. We did it to harm US infrastructure.” Binns has not said if he has sold the data he stole, but he did say that there were already multiple prospective buyers that were very interested in the stolen data of millions of T-Mobile customers. T-Mobile has announced that it will give further updates on the matter, and has also given advice to their customers, telling them to change and update their passwords and the 2-step verification process to ensure that they are the only ones who can gain access to their personal account information.

Walsh, Emily. “T-Mobile CEO Apologizes for the Hack That Exposed Data of 53 Million People as the Company Faces Class-Action Lawsuits over the Breach.” Business Insider, Business Insider, 27 Aug. 2021, www.businessinsider.com/t-mobile-ceo-apologizes-for-the-hack-that-exposed-data-2021-8.
Greig, Jonathan. “T-Mobile Hack: Everything You Need to Know.” ZDNet, ZDNet, 28 Aug. 2021, www.zdnet.com/article/t-mobile-hack-everything-you-need-to-know/.