Hackers sell data of 100 million T-Mobile customers

An announcement appeared on an underground forum: hackers are selling personal data of approximately 100 million customers of T-Mobile, one of the largest telecom operators in the world.

The seller claims that two weeks ago, he hacked into the company’s servers (production, staging, and development servers, including the Oracle server that contained customer data) and stole the data from there. At least, this is what he told Bleeping Computer reporters.

An attacker assesses the entire dump at 6 bitcoins (about $280,000), claiming that in total the database contains information on 100 million people, including IMSI, IMEI, phone numbers, names, security PINs. Worse, roughly 30 million more people have dates of birth, driver’s license numbers, and even social security numbers.

As proof of their words, the attacker provided a screenshot of an SSH connection to the production server running Oracle.

According to information security company Cyble, in total, the criminal stole more than 106 GB of information, including the database of the customer relationship department.

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

Vice Motherboard, one of the first to discover the leak, confirms that the data samples provided by the attacker did indeed belong to T-Mobile customers. At the same time, the attacker told reporters that he did not even try to demand a ransom from the company, since he already had interested buyers on the hacker forums.

Representatives of T-Mobile said that they already know about the incident and assure that they are studying it:

Let me remind you that we also talked about the fact that User data leaked from Gettr few days after launch, as well as that Rapid7 source code leaked due to Codecov hack.