T-Mobile is investigating a breach of its servers that has apparently resulted in the exposure of data connected to more than 100 million T-Mobile customers. The data is being sold on a hacker forum.
On Sunday, the wireless carrier confirmed that it was investigating a post on a hacker forum by a poster that claimed to be selling data related to T-Mobile customers. The poster claims to have acquired data on over 100 million people, taken from Magenta Network servers.
The data stems from “T-Mobile USA. Full customer info,” the forum poster told Motherboard. Multiple servers were allegedly compromised to get it.
The data appears to include names, phone numbers, physical addresses, IMEI numbers, driver license information, and social security numbers. Samples obtained in reports appear to be genuine.
Cybersecurity firm Cyble spoke to BleepingComputer, and said the attacker claims to have stolen multiple databases, acquiring some 106GB of data in the process.
The seller was offering the data on 30 million social security numbers, along with driver licenses, and was asking 6 bitcoin ($283,000) for the treasure trove of personal info. They said the rest of the data is being sold privately through other deals.
It is believed that T-Mobile knows about the intrusion, as the seller said “I think they already found out because we lost access to the backdoored servers.”
T-Mobile says it is “aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”
With some 104.8 million subscribers as of Q2 2021, the latest breach may have contained information about almost all of T-Mobile’s customers.