Hacker Claims to Have 100 Million T-Mobile Users' Data

A hacker's post on a forum has revealed that the personal data of millions of T-Mobile customers might have been accessed from the company's servers and is now out for sale on the internet, Vice reported. After initial analysis, the company was able to confirm that a subset of its data had been accessed by unauthorized individuals.

The hacker had claimed that they were able to compromise several servers of the company and access the "full customer info" of its users in the USA. In an online chat with Vice's staff, the hacker has also shared some samples of the data and the website found the sample data to be authentic and belonging to a T-Mobile customer. 

In addition to the phone numbers and International Mobile Equipment Identity (IMEI), a unique number given to every mobile phone device, the hacker also had access to user's names, physical addresses, and driver's license information, the website said. T-Mobile estimates that data of 7.8 million of its current postpaid customers had been accessed along with 40 million past or prospective customers. But data accessed did not include phone numbers, account numbers, Personal Identification Numbers (PINs), passwords or any financial information. 

On the forum, the hacker has claimed that they could provide the data of about 30 million users for six Bitcoin. At the time of publishing this, that would be equivalent to US$283,000. According to the hacker's claims, this is still a small subset of data that they have access to. The majority of the data is being sold privately. 

In their response to queries raised by Interesting Engineering, a T-Mobile spokesperson also said, "We have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed. We have already proactively reset ALL of the PINs on these accounts to help protect these customers." However, Metro by T-Mobile, former Sprint prepaid, or Boost customers did not have their names or PINs exposed.

T-Mobile will publish a unique webpage later today with all information and solutions to help customers protect themselves, the spokesperson said. 

According to the information provided by the hacker to Vice, the company has identified the breach and fixed it, since they no longer have "backdoor" access to the servers, something that T-Mobile also confirmed.  However, the hacker claims to have downloaded data from the servers and created local copies with multiple backups.

This is not the first incident of a data breach at T-Mobile. The company began this year with an incident report that its servers had been accessed without authorization and hackers had gained access to customer proprietary network information (CPNI) which included phone numbers, the number of lines associated with an account, and call-related information. 

In 2018, the company had reported an "unauthorized capture of data" for about three percent of its total customer. During this breach, two million T-Mobile customers lost the privacy of their names, billing zip codes, phone numbers, email addresses, account numbers, and account type — prepaid or postpaid to hackers, Tech Crunch had then reported. 

When asked if the company plans to reach out to affected customers, the spokesperson said, "We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders."

Update: (17 Aug 2021, 03:25 am) Article updated to include comments from T-Mobile spokesperson. 

Update2: (18 Aug 2021, 11:50 am) Article update to include newer updates from T-Mobile.