Tag: Awful | SpinSafe

Hacker Claims T-Mobile’s ‘Awful’ Security Gave Him Access to 50 Million Accounts

August 31, 2021/in Internet Security

Now living in Turkey, hacker John Binns shared with the Wall Street Journal how he breached T-Mobile’s network and gained access to 50 million accounts in July. He didn’t use any sophisticated tools or highly complex methods to breach T-Mobile’s security. Instead, the hack job was made easy because the mobile carrier’s security is lax, claims Binns.

Binns said he could access T-Mobile’s network through an unprotected router in the company’s data center near East Wenatchee, Washington. He discovered the vulnerable piece of hardware using a publicly available scanning tool that he pointed at T-Mobile’s widely known internet addresses.

“I was panicking because I had access to something big,” said Binns to the Wall Street Journal. “Their security is awful.”

Binns is a known hacker who has been perfecting his craft online since 2017 using various online aliases. He shared the details on this T-Mobile hack with the WSJ before the wireless carrier publicly confirmed the intrusion.

Binns declined to confirm whether he was paid to conduct the hack or sold the data he obtained.

T-Mobile CEO Mike Sievert said he was “truly sorry” for the intrusion that affected 50 million people.

“We didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event.”

T-Mobile CEO Mike Sievert via AP

The company confirmed that the hack exposed names, social security numbers, driver’s license information, and more. Over 40 million customers who applied for T-Mobile credit were affected by this breach. Also involved were 7.8 million current T-Mobile subscribers who pay for their service on a monthly basis.

T-Mobile has reached out to those accounts that were compromised in this breach. If you are not sure if your account was involved, you can contact T-Mobile customer service or log into your account.

Those who were not affected should see a banner on their account page that confirms the hacker did not steal their account data.

Source…

T-Mobile customers are left feeling frustrated as hacker comes forward, calling the company’s security ‘awful’

August 28, 2021/in Internet Security

a man standing in front of a sign: Drew Angerer/Getty Images

© Provided by Business Insider
Drew Angerer/Getty Images

An American man living in Turkey claims to be the hacker behind a massive T-Mobile breach, the Wall Street Journal reported.
T-Mobile customers are left feeling frustrated by their wireless carrier over security concerns.
Customers are experiencing fraudulent charges on debit cards and spam calls and text messages after the breach.
See more stories on Insider’s business page.

T-Mobile customers are dealing with the fallout of a security breach that exposed the personal information of more than 53 million people, with some telling Insider they’ve recently experienced fraudulent charges on debit cards and spam calls and text messages.

Load Error

Customers also expressed frustration that the man who took responsibility for the attack said it was easy.

“Their security is awful,” John Binns, a 21-year-old American who now lives in Turkey, told The Wall Street Journal on Friday, claiming to be the hacker behind the breach.

Binns gained access to the servers after discovering an unprotected router by scanning T-Mobile’s internet address for weak spots, The Journal reported. Over 53 million people had personal information compromised in the hack such as names, addresses, dates of births, phone numbers, Social Security numbers, and driver’s license information.

Many customers are now dealing with the repercussions of the hack and feel as though T-Mobile is not doing enough to protect them as some information hits the dark web.

Eddie Richards, a T-Mobile customer from Elizabethtown, Kentucky, told Insider he did not know about the hack until it reached the news. Richards is part of T-Mobile’s family plan, and while only the primary account holder was notified of the data breach by the company, he believes that all customers should have been made aware.

“It just frustrates me, honestly,” Richards said. “If our data is a priority for you guys to keep safe, how come I haven’t gotten a notification or anything like that?”

Gallery: If You Hear This When You Answer the Phone, Hang Up Immediately (Best Life)

The telecom company has previously said that no financial information was compromised in the breach, but…

Source…

T-Mobile hacker calls the carrier’s security ‘awful’ in new interview

August 28, 2021/in Internet Security

It’s been over a week since T-Mobile confirmed a hack of its servers affecting tens of millions of customers. The carrier closed the access point quickly, but the hacker had already started selling stolen data by then. This week, as T-Mobile deals with the fallout of the breach, a hacker claiming responsibility for the attack sat down with The Wall Street Journal for an interview. In the interview, the hacker, John Binns, rakes T-Mobile over the coals for its poor security.

The T-Mobile hacker speaks out

Binns told the WSJ that he first discovered an unprotected router of T-Mobile’s in July. He said he had been scanning T-Mobile’s known internet addresses for vulnerabilities using a tool that anyone could download. He wouldn’t say whether or not he had actually sold any of the data he stole, although the initial Motherboard report made it clear that the data was up for sale.

After infiltrating T-Mobile’s data center in Washington, Binns had access to over 100 servers. It then took him about a week to dig through the servers containing personal information from current and former subscribers. On August 4th, he lifted the data that he would later try to sell.

“Their security is awful,” Binns told the WSJ over Telegram in the interview.

The story only gets stranger

Beyond profiting off of stolen data, Binns also wants to bring attention to his alleged persecution by the US government. Binns says he grew up in the US, but moved to Turkey three years ago. A relative in the US tells the Journal that Binns called last year claiming to be a computer expert that had been kidnapped and taken to a hospital against his will.

“He gushed about how he could do anything with a computer,” his relative explained.

Binns apparently repeated these claims in Telegram messages with the Journal. He says that he was abducted in Germany and put into a fake mental hospital.

“I have no reason to make up a fake kidnapping story and I’m hoping that someone within the FBI leaks information about that,” he explained to the Journal, revealing that this was the reason that he wanted to come forward and speak publicly about the hack.

Following the hack, T-Mobile announced that it would…

Source…

Hacker takes credit for 54 million T-Mobile data breach, calls security ‘awful’

August 27, 2021/in Computer Security

A hacker who claims to be behind last week’s T-Mobile data breach that compromised 54 million people’s personal data told The Wall Street Journal in a story published today (Aug. 26) that the company’s “security is awful.”

John Binns, a 21-year-old American living in Turkey, his mother’s homeland, told the newspaper that he found an unprotected T-Mobile router online in July, then used that to pivot on Aug. 4 into more than 100 servers containing personal data of current and former customers at a T-Mobile data center in central Washington state.

“I was panicking because I had access to something big,” Binns told the Journal in a conversation on the Telegram encrypted-messaging platform.

The Journal said it verified Binns’ identity with a series of personal questions, and said the Telegram account he used had provided details of the T-Mobile hack before they became publicly known.

Binns would not tell the Journal whether he had sold any of the data he stole, or if he was paid to attack T-Mobile.

This is T-Mobile’s fifth or sixth data breach in the past three years, depending who’s counting. With such a dismal track record, you might consider taking your business elsewhere if you value your private data.

At least 54 million people affected

The breach came to light Aug. 15 after a hacker offered to sell part of the data, pertaining to 30 million T-Mobile customers, for six bitcoin (about $280,000) in a cybercriminal forum. The Journal implied that the seller may not have been Binns.

More than 54 million current, former and even prospective T-Mobile customers were affected, most of whom had their full names, dates of birth, Social Security numbers and current or former addresses compromised.

Those four bits of personal information are often all that’s required to open an account in someone else’s name, and the affected individuals are at serious risk of identity theft.

‘Generating noise’

Binns told the Journal that he attacked T-Mobile with the purpose of “generating noise,” but added that he had been persecuted by U.S. government agents while he was in Germany. Binns sued the CIA, the FBI and other federal agencies last year, the Journal said, and the case is still active.

When the…

Source…

Tag Archive for: Awful

The T-Mobile hacker speaks out

The story only gets stranger