T-Mobile Says It’s Investigating a Possible Data Breach Incident

• A hacker is selling 100 million records allegedly stolen from T-Mobile’s servers for 6 bitcoin.
• The actor says the backdoor was shut, but the data was exfiltrated and even backed up in multiple locations.
• The American telecommunications giant hasn’t confirmed the validity yet and stated they’re currently investigating.

Hackers are selling what they claim to be a pack of 100 million records corresponding to 30 million T-Mobile subscribers in the United States, and the telco responded to the reports by assuring its client-base that the listing and the accompanying allegations will be investigated. This was first reported by Motherboard, who had a private discussion with the seller and saw proof of the existence of social security numbers, phone numbers, full names, physical addresses, driver license scans, and unique IMEI numbers in the pack.

The seller has offered the data for purchase over at RaidForums, asking for 6 bitcoin, which is roughly $282,700 today. As the hacker explained, they gained access to multiple T-Mobile’s servers thanks to a backdoor, and although the telco’s IT team spotted and kicked them out, they had already downloaded the data. Motherboard tested some of the provided phone numbers to confirm the validity of the data, and indeed they belong to T-Mobile customers.

T-Mobile is the second-largest wireless carrier in the United States, providing its services to 105 million people. As such, if the breach is confirmed to be real, the hackers have compromised roughly one-third of the total client-base of the American telco, which should be the most massive security incident in recent years for the particular company.

Unfortunately, T-Mobile has had several past data breach incidents in the past couple of years, with the most recent one surfacing in February 2021, another one exposing 200,000 customer details in December 2020, a third one concerning an undisclosed number of customers in November 2019, and finally an exposing incident affecting 2 million of its subscribers in August 2018. All of these are dwarfed by the numbers presented in the most recent breach, which allegedly exposes 30 million Americans.

If you are among them and you’re worried about your privacy and security, T-Mobile’s statement to Motherboard is unlikely to offer any appease: “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”

Finally, another confirmation of the breach comes from cyber-intelligence company Cyble, who confirmed to Bleeping Computer that the actors stole multiple databases, including T-Mobile’s customer relationship management (CRM) database. Possibly, T-Mobile will be forced to provide more clarifications about what has happened and who was compromised very soon.