As we previously reported on TechGenix, a major data breach occurred at T-Mobile, exposing data belonging to millions of customers. The company uncovered the breach due to reports in the news media, namely Vice’s Motherboard, which had direct contact with the threat actors involved. In a recent statement, T-Mobile CEO Mike Sievert issued a detailed update intended to address how the cellular giant is handling the incident.
Admitting that the data breach had been a “humbling experience” for T-Mobile, Sievert says that the company has been working intensely to bolster security and mitigate damage. He also apologized to T-Mobile customers for allowing this breach to happen. One of the major takeaways from the statement is the outcome of the investigation, which is described in the following excerpt:
Through our investigation into this incident, which has been supported by world-class security experts Mandiant from the very beginning, we now know how this bad actor illegally gained entry to our servers and we have closed those access points. We are confident that there is no ongoing risk to customer data from this breach.
We recognize that many are asking exactly what happened. While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details. What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.
In short, this individual’s intent was to break in and steal data, and they succeeded.
What is interesting, however, is how the company portrays the threat actor as having extreme expertise. The attacker claims the opposite: that T-Mobile’s poor security, not elite ability, was the cause. When speaking with The Wall Street Journal, the hacker who goes by the alias John Binns, as well as hacker handles like RDev and v0rtex, stated that they were able to gain access to the company via poorly secured attack vectors. Binns specifically claimed that T-Mobile had an unsecured router that was found through “a simple tool available to the public.”
Cybersecurity experts have lately agreed that T-Mobile’s lax security is to blame for this breach. In various articles analyzing this attack, researchers are quick to note that this is just the latest in a string of major security incidents at the company. Back in 2020, T-Mobile experienced a data breach that they blamed on a “sophisticated attack,” and this is just one example of many in recent years.
Time will tell if this “humbling experience” leads to an overhaul of T-Mobile’s security.