T-Mobile has officially announced that it experienced a data breach. Word of the breach first surfaced in a Motherboard story about a forum post from a hacker. In this forum post, the hacker claimed to have access to 100 million T-Mobile customer records and was offering them for sale on the underground site. They wanted 6 bitcoin, worth roughly $270,000, for the data, which they described as “T-Mobile USA. Full customer info” when messaged by Motherboard parent Vice Media. This is not the first time T-Mobile has suffered a data breach.
First, T-Mobile told the media, in particular Reuters and Motherboard, that it was investigating the veracity of the hacker’s claims. The company then released the preliminary results of its investigation in a cybersecurity alert. This alert reads, in part, as follows:
We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.
As this T-Mobile story gains traction, journalists have been investigating the hackers behind the data breach. According to a tweet from Alon Gal, co-founder and CTO of cybercrime intelligence firm Hudson Rock, the breach appears to be politically motivated. In a DM conversation, the threat actor states the following:
This breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019... We did it to harm US infrastructure.
It is impossible to say whether this is the real motivation, as hacking culture also has a long history of trolling. Attacking T-Mobile instead of an intelligence agency or military branch seems a little odd given the stated motivation. However, T-Mobile is owned by the German company Deutsche Telekom, so by attacking U.S. customers, the hacker affects both countries implicated in the statement. How much this affects the infrastructure of the United States remains to be seen.
In any case, regardless of motivations (or lack thereof), T-Mobile customers should be vigilant about how their data may be used and look for suspicious activity after this breach.