T-Mobile was recently the victim of a major data breach. Sensitive data was stolen from more than 50,000,000 customers, both current and prospective.
John Binns (21-year-old American living in Turkey) claimed that he was responsible for the attack. Binns claimed that he found an unprotected router after scanning T-Mobile's internet addresses looking for weak spots.
The unprotected router was used to gain access to T-Mobile's Washington data center. There, stored credentials gave him access to more than 100 servers. He claimed that he panicked at first because he had "access to something large" and then went on to say that T-Mobile's security was "abysmal."
He took about a week to search through the servers and find personal data for millions of customers. The data was downloaded on August 4. T-Mobile was notified that someone was selling customer data on August 13. T-Mobile confirmed this breach just days later.
T-Mobile later stated that more than 50,000,000 customers' data was accessed. Stolen data includes customer names and dates of birth. ID cards, licenses, and SSNs were also stolen. The Wall Street Journal confirmed that Binns was the hacker who sold the data, using his IRDev online pseudonym.
According to The Wall Street Journal, Binns claimed that he hack T-Mobile to make noise and get attention after he was allegedly kidnapped in Germany. Binns wouldn't say whether he sold any of his data, nor if he had had any accomplices. The hack is being investigated by the FBI's Seattle office.
T-Mobile customers affected by the incident can get two years of identity protection services free through McAfee’s ID Theft Protection Service. They can also implement Account Takeover Protection features.
