A hacker who stole 50 million customer data from T-Mobile said 'their security is terrible' about mobile carriers

T-Mobile, one of the world's leading mobile carriers, has stolen customer data for about 50 million people by hacking. 'Security was terrible,' said the person who made the hack in a media interview.

T-Mobile Hacker Who Stole Data on 50 Million Customers:'Their Security Is Awful' --WSJ


T-Mobile hacker speaks out in WSJ interview, says carrier has'awful' security ―― 9to5Mac

On August 16, 2021, it was reported that T-Mobile may have leaked customer data for more than 100 million users. T-Mobile admitted that it was hacked, but said it would continue to investigate the leaked data. After a detailed investigation after that, 47.8 million customer data were leaked, and some users' social security numbers and driver's licenses, T-Mobile account PINs, etc. were leaked. I am announcing that there was.

Will T-Mobile leak personal information for 100 million people?-GIGAZINE

John Bins, a 21-year-old American hacker who immigrated to Turkey a few years ago, stole the customer information for about 50 million people. Bins, who had been interacting with The Wall Street Journal before the details of the hack were revealed, responded to the interview by presenting multiple pieces of evidence to show that he had hacked.

Mr. Binz's method of hacking T-Mobile's system was to 'explore a vulnerability in T-Mobile's known Internet address.' Around July 2021, he said he discovered an unsecured router and used the credentials stored on it to access T-Mobile's servers and steal customer information.

No details have been revealed, but Bins said, 'I used a simple tool that was open to the public to look for weaknesses in T-Mobile's Internet address.'

According to Bins, who was able to access T-Mobile's Washington data center using the method described above, there are more than 100 servers in the data center, initially accessing too much data. He said he panicked because it became possible. 'Their security is terrible,' Bins said, as it made it possible to access large amounts of data in a relatively easy way.

In addition, it took 'about one week' for Mr. Bins to be able to access the server where customer data for tens of millions of people is stored, and on August 4, he stole a large amount of customer data from the server. It seems to be.

Mr. Binz says he hacked T-Mobile 'to get attention.' During interviews, Mr. Bins frequently complained that he was 'a victim of an illegal kidnapping case in which he was taken to a fake German mental hospital by U.S. authorities,' to inform the public. It was supposed to be a hack. 'I have no reason to make up the story of a fake kidnapping case. I hope the details of this case will be leaked from within the FBI,' he said.

Mr. Bins talked about his motives, but did not disclose whether he sold the stolen data or whether he was rewarded by a third party for hacking T-Mobile.

in Mobile,   Security, Posted by logu_ii