Tag Archive for: Awful

T-Mobile hacker who stole data on 50million customers: ‘Their security is awful’

/in


John Binns, a 21-year-old American who moved to Turkey a few years ago, told The Wall Street Journal he was behind the security breach. Mr. Binns, who since 2017 has used several online aliases, communicated with the Journal in Telegram messages from an account that discussed details of the hack before they were widely known.

The August intrusion was the latest in a string of high-profile breaches at U.S. companies that have allowed thieves to walk away with troves of personal details on consumers. A booming industry of cybersecurity consultants, software suppliers and incident-response teams have so far failed to turn the tide against hackers and identity thieves who fuel their businesses by tapping these deep reservoirs of stolen corporate data.

The breach is the third major customer data leak that T-Mobile has disclosed in the past two years. The Bellevue, Wash., company is the second-largest U.S. mobile carrier with roughly 90 million cellphones connecting to its networks.

The Seattle office of the Federal Bureau of Investigation is investigating the T-Mobile hack, according to a person familiar with the matter. “The FBI is aware of the incident and does not have any additional information at this time,” the Seattle office said in a statement Wednesday.

In messages with the Journal, Mr. Binns said he managed to pierce T-Mobile’s defenses after discovering in July an unprotected router exposed on the internet. He said he had been scanning T-Mobile’s known internet addresses for weak spots using a simple tool available to the public.

The young hacker said he did it to gain attention. “Generating noise was one goal,” he wrote. He declined to say whether he had sold any of the stolen data or whether he was paid to breach T-Mobile.

Several cybersecurity experts said the public details of the hack and reports of previous T-Mobile breaches show the carrier’s defenses need improvement. Many of the records reported stolen were from prospective clients or former customers long gone. “That to me does not sound like good data management practices,” said Glenn Gerstell, a former general counsel for…

Source…

T-Mobile’s Security is ‘Awful’ Says Hacker Who Stole Data From 50 Million Customers

/in


T-Mobile recently suffered a significant data breach that saw sensitive data from more than 50 million current, prospective, and former customers stolen.

tmobilelogo
John Binns, a 21-year-old American who lives in Turkey, told The Wall Street Journal that he is responsible for the attack. Binns said that he discovered an unprotected router in July after scanning T-Mobile’s known internet addresses for weak spots.

He used the unprotected router to access T-Mobile’s data center located in Washington, where stored credentials provided him access to over 100 servers. He said he initially panicked because he “had access to something big,” and went on to claim that T-Mobile’s “security is awful.”

It took him about a week to sort through the servers to find the personal data on millions of customers, and he downloaded the data on August 4. On August 13, T-Mobile was informed that someone was selling T-Mobile customer data, and T-Mobile confirmed the breach just days later.

T-Mobile has since said that data from more than 50 million customers was accessed. Stolen data includes customer names, dates of birth, SSNs, ID cards, and licenses. The Wall Street Journal took steps to confirm that the hacker selling the data was Binns, using his IRDev online alias.

Binns told The Wall Street Journal that he hacked T-Mobile to “generate noise” and get attention as he had allegedly been the victim of an illegal kidnapping that saw him taken to a fake mental hospital in Germany. Binns would not say whether he had sold any of the data that he stole, and it is not clear if he had accomplices. The Seattle office of the FBI is investigating the hack.

Affected T-Mobile customers can receive two years of free identity protection services through McAfee’s ID Theft Protection Service and can implement Account Takeover Protection features.

Source…

Hacker behind huge T-Mobile data breach says company’s security is ‘awful’

/in


The 21-year-old hacker who broke into T-Mobile’s servers and stole personal records for more than 50 million people says the company’s “awful” security made it easy — and that he did it for attention. 

“Generating noise was one goal,” hacker John Binns gloated in an interview with The Wall Street Journal. “Their security is awful.” 

Binns broke into T-Mobile’s servers earlier in August, stealing data on more than 54 million current, former and prospective customers, according to T-Mobile.

While some customers had social security numbers and birthdays exposed, others had unique phone-linked data like IMEI and IMSI numbers stolen — which other hackers could use as a starting point to take over victims’ phone lines, according to the Journal. 

Binns — who goes by screen names including IRDev and v0rtex — would not tell the paper whether he been paid to execute the hack or had sold any of the stolen data. He also would not say whether he worked alone. 

T-Mobile did not immediately reply to a request for comment on the report. The Federal Bureau of Investigation’s office in Seattle is reportedly investigating the hack.

Binns, an American who grew up in northern Virginia who moved to his mother’s home of Turkey at age 18, said that he accessed T-Mobile’s servers after discovering an unprotected router exposed on the internet. He then reportedly used the router as an entry point to breach T-Mobile’s data center in Washington state and made off with the stolen data around Aug. 4. 

Millions of T-Mobile customers had social security numbers and birthdays exposed.
SOPA Images/LightRocket via Gett

“I was panicking because I had access to something big,” Binns said.

As evidence of his involvement, Binns showed the newspaper that he had access to an account that had shared screenshots of T-Mobile’s internal systems. 

Glenn Gerstell, a former general counsel for the National Security Agency, told the Journal that Binns’ description of T-Mobile’s security system was concerning.

“That to me does not sound like good data management practices,” he said. 

Binns also claimed that he was being persecuted…

Source…

T-Mobile hacker says wireless carrier’s security “awful” – WSJ | WTVB | 1590 AM · 95.5 FM

/in


T-Mobile hacker says wireless carrier’s security “awful” – WSJ | WTVB | 1590 AM · 95.5 FM | The Voice of Branch County

Source…