T-Mobile's Security is 'Awful' Says Hacker Who Stole Data From 50 Million Customers

[MacRumors]

T-Mobile recently suffered a significant data breach that saw sensitive data from more than 50 million current, prospective, and former customers stolen.

John Binns, a 21-year-old American who lives in Turkey, told The Wall Street Journal that he is responsible for the attack. Binns said that he discovered an unprotected router in July after scanning T-Mobile's known internet addresses for weak spots.

He used the unprotected router to access T-Mobile's data center located in Washington, where stored credentials provided him access to over 100 servers. He said he initially panicked because he "had access to something big," and went on to claim that T-Mobile's "security is awful."

It took him about a week to sort through the servers to find the personal data on millions of customers, and he downloaded the data on August 4. On August 13, T-Mobile was informed that someone was selling T-Mobile customer data, and T-Mobile confirmed the breach just days later.

T-Mobile has since said that data from more than 50 million customers was accessed. Stolen data includes customer names, dates of birth, SSNs, ID cards, and licenses. The Wall Street Journal took steps to confirm that the hacker selling the data was Binns, using his IRDev online alias.

Binns told The Wall Street Journal that he hacked T-Mobile to "generate noise" and get attention as he had allegedly been the victim of an illegal kidnapping that saw him taken to a fake mental hospital in Germany. Binns would not say whether he had sold any of the data that he stole, and it is not clear if he had accomplices. The Seattle office of the FBI is investigating the hack.

Affected T-Mobile customers can receive two years of free identity protection services through McAfee's ID Theft Protection Service and can implement Account Takeover Protection features.

Article Link: T-Mobile's Security is 'Awful' Says Hacker Who Stole Data From 50 Million Customers

 

[coachgq]

I really wish Apple would start their own cell service.

 

[acorntoy]

He’s headed to a real mental hospital if this is true. What an idiot.

 

[Apple Knowledge Navigator]

I really wish Apple would start their own cell service.

It's inevitable. They like controlling the whole widget of their products, and so to escape dealing (mostly) with carriers it could benefit the customer.

 

[Xtir]

I really wish Apple would start their own cell service.

because these things do not happen there?

 

[MacNut]

Companies that can’t secure their data should be subject to massive class action lawsuits by their customers.

 

[jz0309]

He’s headed to a real mental hospital if this is true. What an idiot.

yep, they're going to find him ... but how did this get to the WSJ?

 

[CubeHacker]

It's inevitable. They like controlling the whole widget of their products, and so to escape dealing (mostly) with carriers it could benefit the customer.

They would need to buy one of the existing carriers. The problem is spectrum availability. There isn’t enough available that’s feasible to use as data services nationwide.

 

[TheYayAreaLiving 🎗️]

Thats T-Mobile. What do you expect? The network may be realiable but it's wishy washy. It’s crazy how a hacker was able to obtain over 50 million customers info.

Apple needs to start investing in it's own cell towers.

 

[zorinlynx]

I really wish Apple would start their own cell service.

Apple is probably worried enough about anti-trust as it is.

 

[KaliYoni]

I think two things need to happen at the regulatory level to reduce these incidents:

1. Civil and criminal penalties on companies that experience preventable breaches.
2. Disrupt the ability of criminals to receive, launder, and redeem cryptocurrencies (see https://www.schneier.com/blog/archives/2021/07/disrupting-ransomware-by-disrupting-bitcoin.html for a good discussion)

Unfortunately, I don't think either of these will happen anytime soon due to numerous political obstacles within countries and to a lack of incentives for global institutions to act.

 

[fireguy286]

It's inevitable. They like controlling the whole widget of their products, and so to escape dealing (mostly) with carriers it could benefit the customer.

Inevitable? - quite the opposite, don't see how that would work. There's not exactly a bunch of spectrum lying around to start from scratch, and any of the players are not exactly for sale, not to mention the expense - for what benefit exactly? MVNO doesn't seem like an Apple arrangement either. If they really wanted to be a carrier they would have done that years ago.

 

[Morgenland]

I see... do they have fake mental hospitals in Germany?

 

[acorntoy]

Companies that can’t secure their data should be subject to massive class action lawsuits by their customers.

Should be subject to government oversight. Having some tort lawyers make millions while everybody else gets a $10 check won’t change anything.

 

[Michael Scrip]

I really wish Apple would start their own cell service.

In 150 countries?

Or just the United States?

edit: fixed typo

 

[0924487]

I really wish Apple would start their own cell service.

Antitrust

 

[progx]

Unfortunately, I don't think either of these will happen anytime soon due to numerous political obstacles within countries and to a lack of incentives for global institutions to act.

Unless it affects the ultra-wealthy, you will never see any action on these items in the US. Only when the donor-class gets effected, then they act swiftly to protect, but everyday people will just get the standard response, "It's your responsibility to protect yourself."

I find it amusing he is brazen enough to admit he did it, but what say if he sold the information. Pretty sure he did. He should face some jail time for it, but we all know he won't since regular people had their information stolen.

 

[progx]

Should be subject to government oversight. Having some tort lawyers make millions while everybody else gets a $10 check won’t change anything.

This response, right here is perfect. I received a check for over 100 on my PowerBeats 2/3 suit, but I wonder how much of it the lawyers made off it. Class action lawsuits are a joke.

 

[AltecX]

I really wish Apple would start their own cell service.

So, they can scan ALL your traffic for child porn(or whatever they cave into to scan for next)? They give into China pretty easily, I can see people over there NOT wanting an Apple carrier. They also likely wouldn't allow Android devices so if your wife wants an Android goodbye family plan.

 

[0924487]

I see... do they have fake mental hospitals in Germany?

Sounds like ΡornHub.

 

[4jasontv]

I’d rather have the real value of the data stolen instead of this two years of McAfee's ID Theft Protection. Since they showed gross incompetence the only reasonable option is to let customers unilaterally declare the value of their compromised data.

 

[4jasontv]

Antitrust

doublethink.

 

[bushman4]

Fact: T Mobile has been hacked more often than any other carrier

 

[synergize]

He’s headed to a real mental hospital if this is true. What an idiot.

He's gonna share a room with JB.

 

[WiseAJ]

Companies that can’t secure their data should be subject to massive class action lawsuits by their customers.

I can't wait to get my $2 check in the mail in 5 years