T-Mobile revealed that it is currently investigating a post from an underground forum claiming to be selling millions of personal data.
The underground forum itself does not mention the company, but the seller revealed to an exclusive interview with Motherboard that the data that are being sold came from T-Mobile servers. The seller also stated that over 100 million people are affected by the breach.
T-Mobile's Massive Data Breach
The data includes the names, phone numbers, social security numbers, IMEI numbers, physical addresses, and driver license information of the victims.
Motherboard reported that it had seen samples of the stolen data. The publication confirmed that the data contained accurate information on T-Mobile customers.
The seller also stated that hackers compromised several T-Mobile servers in order to obtain the data.
T-Mobile Customer Data on the Dark Web
On the underground forum, people can buy the data for six bitcoin, which costs around $270,000. The data will contain 30 million social security numbers and driver licenses. The seller revealed that they are privately selling the data on the dark web.
The seller stated that they lost access to the servers, which means that T-Mobile already found out about the data breach.
The company has since kicked them out of the servers, but the seller confirmed that they already downloaded the data on their end and that they've secured a backup.
T-Mobile released a statement about the incident and stated that they are already aware of the claims made in the forum. The company is actively investigating the validity of the claims.
T-Mobile added that they do not have any new information about the breach yet and will be updating its customers as soon as the investigation is done.
Previous Data Breach
This is not the first time that the mobile company encountered hackers. In 2015, 15 million T-Mobile customers were exposed to hackers after a credit card company was breached.
In January, 200,000 T-Mobile customers were affected by a data breach.
In February, 400 T-Mobile customers fell victim to hackers, according to Tom's Guide.
The hackers penetrated the company's systems and took over several customer accounts. The mobile company immediately informed all of the affected customers of what happened.
The data breach involved the customer's name, address, account number, customer account personal information number or PIN, Social Security number, their account security questions and answers, and their date of birth.
T-Mobile sent out boilerplate letters to those who were affected by the data breach to let them know which personal information was obtained by the hackers, according to Bleeping Computer.
According to the letter, the hackers used the customer's information to port the line to a different carrier without authorization. The company was able to identify the activity and terminated all unauthorized access to the server. The company also implemented additional security measures.
SIM-swapped or "Ported" numbers can be used as leverage by hackers to hack into other accounts or steal any type of cryptocurrency.
There are also other things that hackers can do with a stolen phone number and with all of the information that they got when they compromised the accounts.
In numerous data breach cases, online thefts only need the victim's name, date of birth, street address, and Social Security number to fully steal their identity.
This article is owned by Tech Times
Written by Sophie Webster