Tag: Hack

Picture poorly representing the concept of identity theft

T-Mobile Admits Customers’ Personal Data Was Hacked

Christian

Today, T-Mobile shared another press release about its recent security breach. In today’s release, T-Mobile finally acknowledged that customers’ personal data was definitely compromised.

T-Mobile shared details about the scope of the breach:

Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.

While sensitive information was compromised, it looks like financial details, including credit card numbers, were safe:

We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information…Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information.

My biggest question now is whether T-Mobile has a good justification for keeping former customers’ SSNs on file.

Image reading "system hacked"

Huge Data Breach At T-Mobile

Christian 1 Comment

Yesterday, Joseph Cox at Motherboard reported that a hacker was trying to sell stolen data from 100 million T-Mobile customers. The compromised information isn’t trivial:

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

The hacker allegedly downloaded all of the data locally before losing access to T-Mobile’s servers.

Today, T-Mobile issued an evasive press release and acknowledged that its systems were compromised (emphasis mine):

We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed…We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed…Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

Bullshit. Customers’ personal data was compromised. T-Mobile knows it.

I won’t be surprised if this data breach ultimately ends up looking similar in magnitude to the infamous 2017 Equifax fiasco. T-Mobile’s stock closed today about 3% down from its closing price on Friday.1

Update:
Lawrence Abrams at BleepingComputer shared an article with additional information and rumors. Here’s one interesting bit:

The threat actor claims to have hacked into T-Mobile’s production, staging, and development servers two weeks ago, including an Oracle database server containing customer data…’Their entire IMEI history database going back to 2004 was stolen,’ the hacker told BleepingComputer.

Hacked Order Page At Boom! Mobile

Christian

The mobile virtual network operator (MVNO) Boom! Mobile was recently hacked. Ars Technica has a good article covering the incident.

A bit of malicious code was inserted in the checkout section of Boom’s website. Hackers used the code to skim payment information and credit card numbers from Boom’s customers. It looks like the malicious code was active for at least a few hours, possibly longer.

Boom’s website was running an outdated version of PHP. At this time, I don’t know what vulnerability the hackers took advantage of. I’m also unsure if this was an isolated incident or if Boom was affected by other security breaches.

I’m not sure Boom should have been handling its own payment processing. The carrier may have violated PCI DSS rules.

Update: A representative from Boom posted the following on Howard Forums:

Hey guys,

Thanks for checking in.

boom MOBILE deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation. We have found that the malware was located only on our shopping cart at boom.us and not on any of our other sites such as myaccount.boom.us which is used by customers to manage their billing. We encourage customers who may have made a purchase from www.boom.us between 9/30/20 – 10/5/20 to take the necessary precautions with their credit card company. This incident did not compromise any boom MOBILE accounts, saved payment or autopay details. Our saved payment/autopay system does not store any bank information and was verified to be safe. The credit card processor provides us with a secure token than can only be used by boom! MOBILE from our secure server. We are committed to protecting your data & privacy. We are PCI compliant and do not store financial data on our servers. Our shopping cart provider has ensured us our site is safe and the malware has been removed.

2,000,000 AT&T Phones Were Unlocked Illegally

Christian

It recently came out that around 2,000,000 AT&T phones were unlocked by hackers that bribed AT&T employees. Muhammad Fahd and co-conspirators allegedly bribed a handful of AT&T employees to make the unlocks possible.

As I understand it, around 2012 lists of IMEI numbers were provided to bribed employees so that devices could be fraudulently unlocked. Eventually, the crimes became more involved. Bribed employees installed malware on AT&T systems and fraudulent wireless access points in AT&T facilities.

It’s a crazy story. Several years ago, I wondered how so many third-party services managed to offer device unlocking. I suppose this story is part of the explanation.

For more details, check out Ars Technica’s article.