Hacker claims to have stolen data of 100 million T-Mobile customers

T-Mobile is actively investigating a data breach after a threat actor claimed to have hacked T-Mobile’s servers and stolen databases containing the personal data of about 100 million customers.

The alleged data breach first surfaced on a hacking forum yesterday after the threat actor claimed to be selling a database for six bitcoin (~$280K) containing birth dates, driver’s license numbers, and Social Security numbers for 30 million people.

Forum post selling T-Mobile data

While the forum post does not state the origin of the data, the threat actor told BleepingComputer that they took it from T-Mobile in a massive server breach.

The threat actor claims to have hacked into T-Mobile’s production, staging, and development servers two months ago, including an Oracle database server that contains customer data.

This stolen data allegedly contains the details of roughly 100 million T-Mobile customers and can include customers’ IMSI, IMEI, phone numbers, customer names, security PINs, Social Security numbers, driver’s license numbers, and dates of birth.

“Their whole IMEI history database going back to 2004 was stolen,” the hacker told BleepingComputer.

An IMEI (International Mobile Equipment Identity) is a unique number used to identify mobile phones, while an IMSI (International Mobile Subscriber Identity) is a unique number associated with a user on a cellular network.

As proof that they breached T-Mobile’s servers, the threat actors shared a screenshot of an SSH connection to a production server running Oracle.

Alleged access to T-Mobile Oracle server via SSH
Sensitive data redacted by BleepingComputer

Cybersecurity intelligence firm Cyble also told BleepingComputer yesterday that the threat actor claims to have stolen multiple databases totaling around 106GB of data, including T-Mobile’s customer relationship management (CRM) database.

Motherboard, who first reported on this breach, said they could verify that data samples provided by the threat actor belonged to T-Mobile customers.

When asked if they tried to ransom the stolen data to T-Mobile, the threat actors said they never contacted the company and decided to sell it on forums where they already have interested buyers.

When we contacted T-Mobile about the sale of this data, they said they are actively investigating it.

“We are mindful of claims made in an underground discussion board and have been actively investigating their validity. We do not have any more data to share at this time,” T-Mobile told BleepingComputer.

T-Mobile hacked for revenge

The threat actors told Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, that they carried out this hack to harm US infrastructure.

“This breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019,” the threat actors told Gal in a conversation.

“We did it to harm US infrastructure.”

Binns is a resident of Turkey who sued the FBI, CIA, and Department of Justice in 2020.

The complaint alleges that Binns was tortured and harassed by the US and Turkish governments and seeks to compel the United States to release documents regarding these activities under the Freedom of Information Act.

8/15/21: Added T-Mobile’s statement.