Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,700
39,615


T-Mobile recently suffered a significant data breach that saw sensitive data from more than 50 million current, prospective, and former customers stolen.

tmobilelogo.jpg

John Binns, a 21-year-old American who lives in Turkey, told The Wall Street Journal that he is responsible for the attack. Binns said that he discovered an unprotected router in July after scanning T-Mobile's known internet addresses for weak spots.

He used the unprotected router to access T-Mobile's data center located in Washington, where stored credentials provided him access to over 100 servers. He said he initially panicked because he "had access to something big," and went on to claim that T-Mobile's "security is awful."

It took him about a week to sort through the servers to find the personal data on millions of customers, and he downloaded the data on August 4. On August 13, T-Mobile was informed that someone was selling T-Mobile customer data, and T-Mobile confirmed the breach just days later.

T-Mobile has since said that data from more than 50 million customers was accessed. Stolen data includes customer names, dates of birth, SSNs, ID cards, and licenses. The Wall Street Journal took steps to confirm that the hacker selling the data was Binns, using his IRDev online alias.

Binns told The Wall Street Journal that he hacked T-Mobile to "generate noise" and get attention as he had allegedly been the victim of an illegal kidnapping that saw him taken to a fake mental hospital in Germany. Binns would not say whether he had sold any of the data that he stole, and it is not clear if he had accomplices. The Seattle office of the FBI is investigating the hack.

Affected T-Mobile customers can receive two years of free identity protection services through McAfee's ID Theft Protection Service and can implement Account Takeover Protection features.

Article Link: T-Mobile's Security is 'Awful' Says Hacker Who Stole Data From 50 Million Customers
 
It's inevitable. They like controlling the whole widget of their products, and so to escape dealing (mostly) with carriers it could benefit the customer.
They would need to buy one of the existing carriers. The problem is spectrum availability. There isn’t enough available that’s feasible to use as data services nationwide.
 
I think two things need to happen at the regulatory level to reduce these incidents:
  1. Civil and criminal penalties on companies that experience preventable breaches.
  2. Disrupt the ability of criminals to receive, launder, and redeem cryptocurrencies (see https://www.schneier.com/blog/archives/2021/07/disrupting-ransomware-by-disrupting-bitcoin.html for a good discussion)
Unfortunately, I don't think either of these will happen anytime soon due to numerous political obstacles within countries and to a lack of incentives for global institutions to act.
 
Last edited:
It's inevitable. They like controlling the whole widget of their products, and so to escape dealing (mostly) with carriers it could benefit the customer.


Inevitable? - quite the opposite, don't see how that would work. There's not exactly a bunch of spectrum lying around to start from scratch, and any of the players are not exactly for sale, not to mention the expense - for what benefit exactly? MVNO doesn't seem like an Apple arrangement either. If they really wanted to be a carrier they would have done that years ago.
 
Unfortunately, I don't think either of these will happen anytime soon due to numerous political obstacles within countries and to a lack of incentives for global institutions to act.
Unless it affects the ultra-wealthy, you will never see any action on these items in the US. Only when the donor-class gets effected, then they act swiftly to protect, but everyday people will just get the standard response, "It's your responsibility to protect yourself."

I find it amusing he is brazen enough to admit he did it, but what say if he sold the information. Pretty sure he did. He should face some jail time for it, but we all know he won't since regular people had their information stolen.
 
Should be subject to government oversight. Having some tort lawyers make millions while everybody else gets a $10 check won’t change anything.

This response, right here is perfect. I received a check for over 100 on my PowerBeats 2/3 suit, but I wonder how much of it the lawyers made off it. Class action lawsuits are a joke.
 
I really wish Apple would start their own cell service.
So, they can scan ALL your traffic for child porn(or whatever they cave into to scan for next)? They give into China pretty easily, I can see people over there NOT wanting an Apple carrier. They also likely wouldn't allow Android devices so if your wife wants an Android goodbye family plan.
 
I’d rather have the real value of the data stolen instead of this two years of McAfee's ID Theft Protection. Since they showed gross incompetence the only reasonable option is to let customers unilaterally declare the value of their compromised data.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.