[TheRecord] T-Mobile confirms hack after customer data ends up for sale on cybercrime forum

US telecommunications giant T-Mobile has confirmed today that hackers breached some of its internal servers but said that it is still investigating if “any personal customer data” was stolen in the breach.

The company’s conflicting statement comes after a threat actor put up for sale the personal details of millions of T-Mobile customers on a cybercrime forum on Saturday, August 14.

While the hacker’s ad referenced 30 million T-Mobile customers, in a subsequent interview with news site Motherboard, the individual claimed the data was part of a larger package containing details for 100 million T-Mobile customers.


Following the breach, on Sunday, the hacker also posted a statement of their own online, claiming that they carried out the breach by gaining access to a T-Mobile GPRS gateway that was allegedly misconfigured.

The person who claims to have compromised T-Mobile says the company misconfigured a gateway GPRS support node that was apparently used for testing. It was exposed to the internet. That allowed the person to eventually pivot to the LAN. Proof screenshot supplied. pic.twitter.com/tBMvRBmG0r

— Jeremy Kirk (@Jeremy_Kirk) August 16, 2021

T-Mobile’s statement today, embedded in full at the bottom of this article, confirms a breach but does not go into details.

The company said it is still in the process of analyzing what data was “illegally accessed.”

The incident marks the sixth security breach T-Mobile has disclosed since 2018; however, if the hacker’s claims are confirmed, this would be one of the largest US telco breaches to date.

We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.

We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.

The post T-Mobile confirms hack after customer data ends up for sale on cybercrime forum appeared first on The Record by Recorded Future.
