Conversation

Notices

GeniusMusing (geniusmusing@nu.federati.net)'s status on Monday, 16-Aug-2021 21:15:00 EDT GeniusMusing

The "S" in T-Mobile stands for security...

T-Mobile Investigating Claims of Massive Data Breach – Krebs on Security
https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/

>Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.
>
>On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile. In a statement published on its website today, the company confirmed it had suffered an intrusion involving “some T-Mobile data,” but said it was too soon in its investigation to know what was stolen and how many customers might be affected.

snip

>The hacker(s) claim the purloined data also includes IMSI and IMEI data for 36 million customers. These are unique numbers embedded in customer mobile devices that identify the device and the SIM card that ties that customer’s device to a telephone number.
>
>“If you want to verify that I have access to the data/the data is real, just give me a T-Mobile number and I’ll run a lookup for you and return the IMEI and IMSI of the phone currently attached to the number and any other details,” @und0xxed said. “All T-Mobile USA prepaid and postpaid customers are affected; Sprint and the other telecoms that T-Mobile owns are unaffected.”
>
>Other databases allegedly accessed by the intruders included one for prepaid accounts, which had far fewer details about customers.
>...

In conversation Monday, 16-Aug-2021 21:15:00 EDT from nu.federati.net permalink
1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Tuesday, 17-Aug-2021 01:26:07 EDT lnxw48a1
  in reply to
  
  @geniusmusing Forwarding the link to sons. We were all Sprint customers, so according to the link, unaffected. But this assumes that the customer databases remain completely unmerged, which cannot be ascertained from outside the combined company.
  
  In conversation Tuesday, 17-Aug-2021 01:26:07 EDT from nu.federati.net permalink
  1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Tuesday, 17-Aug-2021 08:29:16 EDT GeniusMusing
    in reply to
    
    Also on Sprint but was also on t-mo a long time ago, not sure if they keep their data for more than a decade but the only thing that would be valid would be name, DOB, SS number, everything else has changed a couple of times since then.
    
    In conversation Tuesday, 17-Aug-2021 08:29:16 EDT from nu.federati.net permalink
    1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Wednesday, 18-Aug-2021 08:19:10 EDT GeniusMusing
      in reply to
      
      T-Mobile Offers Free Identity Theft Service After Massive Hack
      https://gizmodo.com/t-mobile-offers-free-identity-theft-protection-after-ha-1847507318
      
      >T-Mobile will offer two years of free identity theft protection services after hackers stole data on roughly 49 million customers and potential customers, according to a statement from the mobile carrier. The data breach only became public over the past weekend after hackers offered to sell the data for six bitcoin, or roughly $272,400 based on the current price.
      >
      >T-Mobile first confirmed data was stolen on Monday but the company didn’t share at that time what was stolen. The mobile carrier now says the compromised data of 48 million customers includes first and last names, dates of birth, social security numbers, and driver’s license information. An additional 850,000 T-Mobile prepaid customer names, phone numbers, and account PINs were also compromised.
      >
      >“While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information,” T-Mobile told Gizmodo in a statement over email.
      >
      >While T-Mobile says data on roughly 49 million people was taken, the hackers say it’s closer to 100 million. Thankfully, neither the hackers nor T-Mobile claim any credit card information has been compromised.
      >...
      In conversation Wednesday, 18-Aug-2021 08:19:10 EDT from nu.federati.net permalink
      Attachments
      
      Invalid filename.
      
      T-Mobile Offers Free Identity Theft Protection After Hackers Steal Data on Millions of Customers
      
      from Gizmodo
      
      Data on at least 49 million T-Mobile customers was compromised.
2. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Tuesday, 17-Aug-2021 02:28:38 EDT lnxw48a1
  in reply to
  
  @geniusmusing T-Mo announcement: https://www.t-mobile.com/news/network/cybersecurity-incident-update-august-2021
  In conversation Tuesday, 17-Aug-2021 02:28:38 EDT from nu.federati.net permalink
  Attachments
  1. Invalid filename.
    
    T‑Mobile Cybersecurity Incident Update | T‑Mobile Newsroom
    
    from T-Mobile Newsroom
    
    We have been working around the clock to investigate claims being made that T‑Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.

Public

Notices