On Sunday, T-Mobile acknowledged that hackers are selling the data of more than 100 million users for $277,000 on the dark web. T-Mobile is looking into the data breach after threat actors claimed to have hacked into millions of customers’ servers and databases.
On Sunday, Motherboard said that it had spoken with the seller, who claimed that they had taken data from T-servers Mobile’s containing customer information such as Social Security numbers, names, addresses, and driver licenses.
Data from 100 million T-Mobile customers was stolen, including unique IMEI numbers, names, and other personal information.
T-production, Mobile’s servers, and staging were all hacked roughly two weeks ago, according to reports; the Oracle database server was also hijacked.
According to a T-Mobile spokesman,
“We’re aware of statements made in an underground forum and have been looking into their veracity. At this point, we don’t have any other information to share.”
According to Cyble, a cybersecurity intelligence organization, the threat actor acquired about 106GB of data, including T-customer Mobile’s relationship management (CRM) database. This data leak was initially disclosed by the motherboard.
T-Mobile has been the victim of multiple data breaches in recent years. The most recent was in December 2020, when call-related information and phone numbers of a few customers were disclosed, but no more sensitive data such as names or Social Security numbers was exposed.
This isn’t the first time T-Mobile has been involved in a controversy. In February, the firm was sued by a victim of a SIM-swap attack who lost $450,000 in Bitcoin.
A breach involving the names, addresses, and account numbers of a few T-Mobile prepaid users occurred in 2019. The personal information of around 2 million T-Mobile customers was hacked in 2018.