Hacker takes credit for 54 million T-Mobile data breach, calls security ‘awful’
A hacker who claims to be behind last week’s T-Mobile data breach that compromised 54 million people’s personal data told The Wall Street Journal in a story published today (Aug. 26) that the company’s “security is awful.”
John Binns, a 21-year-old American living in Turkey, his mother’s homeland, told the newspaper that he found an unprotected T-Mobile router online in July, then used that to pivot on Aug. 4 into more than 100 servers containing personal data of current and former customers at a T-Mobile data center in central Washington state.
“I was panicking because I had access to something big,” Binns told the Journal in a conversation on the Telegram encrypted-messaging platform.
The Journal said it verified Binns’ identity with a series of personal questions, and said the Telegram account he used had provided details of the T-Mobile hack before they became publicly known.
Binns would not tell the Journal whether he had sold any of the data he stole, or if he was paid to attack T-Mobile.
This is T-Mobile’s fifth or sixth data breach in the past three years, depending who’s counting. With such a dismal track record, you might consider taking your business elsewhere if you value your private data.
At least 54 million people affected
The breach came to light Aug. 15 after a hacker offered to sell part of the data, pertaining to 30 million T-Mobile customers, for six bitcoin (about $280,000) in a cybercriminal forum. The Journal implied that the seller may not have been Binns.
More than 54 million current, former and even prospective T-Mobile customers were affected, most of whom had their full names, dates of birth, Social Security numbers and current or former addresses compromised.
Those four bits of personal information are often all that’s required to open an account in someone else’s name, and the affected individuals are at serious risk of identity theft.
‘Generating noise’
Binns told the Journal that he attacked T-Mobile with the purpose of “generating noise,” but added that he had been persecuted by U.S. government agents while he was in Germany. Binns sued the CIA, the FBI and other federal agencies last year, the Journal said, and the case is still active.
When the…
