T-Mobile hacked: 100 million customers' data stolen, says hacker

T-Mobile’s servers were hacked, and databases containing the personal information of about 100 million consumers were stolen, according to a threat actor.


T-Mobile is investigating the alleged data breach, which was first reported on a hacker site after a threat actor claimed to be selling a database including 30 million people’s birthdates, driver’s license information, and social security numbers for six bitcoins ($280K).


The data’s sources aren’t mentioned in the forum post, but the threat actor claimed it was stolen from T-Mobile in a massive server breach.



Forum post selling T-Mobile data



T-Mobile’s staging, production, and development servers, as well as an Oracle database server storing customer data, were allegedly hacked two weeks ago, according to the threat actor.


The stolen data includes the IMSI, IMEI, phone numbers, customer names, security PINs, Social Security numbers, driver's license numbers, and dates of birth for about 100 million T-Mobile users.


The hacker claimed to have stolen the whole IMEI history database dating back to 2004.


T-Mobile customers’ data samples were provided by the threat actor, according to Motherboard, which was the first to report on the breach.


An IMSI (International Mobile Subscriber Identity) is a unique number linked with a user on a cellular network, whereas an IMEI (International Mobile Equipment Identity) is a unique number used to identify mobile phones.


As proof of the breach, the hacker provided a screenshot of an SSH connection to a production server running Oracle.


The threat actor claims to have stolen numerous databases totaling around 106GB of data, including T-Mobile’s customer relationship management (CRM) database, according to cybersecurity intelligence firm Cyble.


Following the breach, the threat actors did not contact the company and instead proceeded to sell the data on forums where they already had potential buyers.


Threat actors notified Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, that the breach was carried out to damage US infrastructure.

