A threat actor claimed to have hacked T-Mobile’s servers and stolen databases containing the personal data of approximately 100 million customers.
T-Mobile is actively investigating the alleged data breach, which first surfaced on a hacking forum when the threat actor claimed to be selling, for six bitcoins (~$280K), a database containing birth dates, driver’s license numbers, and social security numbers for 30 million people.
The forum post does not mention the origins of the data, but the threat actor stated that they stole it from T-Mobile in a massive server breach.
The threat actor claims to have hacked into T-Mobile’s production, staging, and development servers two weeks ago, including an Oracle database server containing customer data.
This stolen data contains details for approximately 100 million T-Mobile customers and may include customers’ IMSI, IMEI, phone numbers, customer names, security PINs, Social Security numbers, driver’s license numbers, and dates of birth.
The hacker said that the entire IMEI history database going back to 2004 was stolen.
An IMEI (International Mobile Equipment Identity) is a unique number used to identify mobile phones, while an IMSI (International Mobile Subscriber Identity) is a unique number associated with a user on a cellular network.
The hacker provided a screenshot of an SSH connection to a production server running Oracle as proof of the breach.
According to the cybersecurity intelligence firm Cyble, the threat actor claims to have stolen multiple databases totaling approximately 106GB of data, including T-Mobile’s customer relationship management (CRM) database.
The threat actors have not contacted the company after stealing the data; they decided to sell it on forums where they already have interested buyers.
The threat actors told Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, that they performed this breach to damage US infrastructure.