Hacker Claims to Have Data on More Than 100 Million T-Mobile Customers, Asks for $277,000

Business

Gizmodo 15 August, 2021 - 05:02pm 37 views

T-Mobile is investigating an alleged data breach affecting 100 million users - and the hacker is offering private data in exchange for bitcoin

Yahoo News 15 August, 2021 - 05:58pm

The seller, according to the forum post, is asking for bitcoins in exchange.

The potential data breach is said to have compromised 100 million users.

T-Mobile on Sunday said it is looking into an alleged massive data breach compromising over 100 million users based on a claim made in an underground forum post, according to Vice's Motherboard.

The seller, according to the post, is asking for bitcoin in exchange.

While the post did not mention T-mobile per se, the seller did mention that the data came from T-mobile's servers.

"T-Mobile USA. Full customer info," the seller said in the post, according to Motherboard.

This information included details such as social security numbers, phone numbers, names, physical addresses, and driver's licenses information, the seller said, according to Motherboard.

In exchange, the seller wants six bitcoins, worth around $274,000 as of publishing, just for a portion of the data, which would consist of 30 million social security numbers and driver's licenses.

The seller, according to Motherboard, said they are privately offering the rest of the data.

Shortly after, the seller mentioned being booted out of the servers but claimed to have backed up the data.

"I think they already found out because we lost access to the backdoored servers," the seller said, according to Motherboard. "It's backed up in multiple places."

A T-mobile spokesperson said the company is "aware of claims made in an underground forum" and is "actively investigating their validity."

"We do not have any additional information to share at this time," the spokesperson added.

Cryptocurrencies have been at the center of recent high-profile cyberattacks, demanded as ransom by criminals because transactions are either anonymous or very difficult to trace.

In the US, the Biden administration is said to be ramping up efforts to trace cryptocurrencies used in cyberattacks and is planning to offer bounties of up to $10 million for information that will help catch criminals.

Read the original article on Business Insider

T-Mobile is looking into a data breach that might have compromised sensitive data for over 100 million customers.

T-Mobile US Inc. confirmed Sunday that it is investigating claims that a hacker is attempting to sell personal data on more than 100 million of its customers.

The US Tsunami Warning System has forecasted "hazardous tsunami waves" to follow the earthquake.

About one-third of American travelers have postponed travel because of the delta variant, according to an Aug. 4 survey.

The new delivery surcharges could add extra pressures to merchants and retailers' operating costs because businesses must either absorb the increases or pass them on to their customers.

On Wednesday, Vikings coach Mike Zimmer said rookie quarterback Kellen Mond wouldn’t play in the preseason opener against the Broncos. Mond played a lot, handling six drives as only one of two quarterbacks who played for Minnesota against Denver. After the game, Zimmer denied saying that Mond wouldn’t play. “I never said that,” Zimmer said [more]

Photos seem to confirm that USWNT's Kristie Mewis and Aussie Sam Kerr are romantically involved. ⚽️

Stone and Parker told Colorado governor Jared Polis that they have tentatively agreed to purchase Casa Bonita, which had entered Chapter 11 bankruptcy.

The parents of a toddler who was hit by a foul ball during a 2019 Houston Astros game, fracturing her skull, have reached a settlement with the team, according to the family's lawyer. In a petition filed Thursday, parents Jonathan David Scott and Alexandra Colchado claimed that "acts and omissions constituting negligence" caused their daughter to sustain "injuries and damages" during a game at Minute Maid Stadium in Houston on May 29, 2019. During the fourth inning of the game, their daughter, who was 2 years old at the time, was hit by a ball off the bat of Cubs center fielder Albert Almora Jr. She suffered a fractured skull and has a permanent brain injury, the family's lawyer, Richard Mithoff, told ABC News.

Tesla CEO Elon Musk tweeted that there will be a county fair and a factory tour in October at the company's new electric vehicle plant in Germany.

Under the plan, co-created by Ben Carson, who was Trump's HUD secretary, developers could circumvent California Environmental Quality Act regulations.

Recent research suggests chunks of Zealandia, an eighth continent that disappeared under the Pacific Ocean, might be 1.3 billion years old.

A spokesperson for New York City Mayor Bill de Blasio previously said the app was not designed to verify the information submitted to it.

Huawei has been accused of pushing a US company into installing a data backdoor for a Pakistani project, but the truth isn't clear.

Elon Musk renewed his support for meme cryptocurrency dogecoin, saying he sees it as a strong means of payment.

(Bloomberg) -- The Biden administration plans to announce the biggest long-term increase in food stamp benefits in the program’s history, giving Americans more money to buy groceries and adding billions of dollars in costs to the government.Average benefits in October will go up by more than 25% from pre-pandemic levels for the 42 million people in the program, a U.S. official said, speaking on condition of anonymity before an announcement planned for Monday.The increase means that average month

Mindy Jensen is the co-host of the "BiggerPockets Money" podcast and the co-author of "First-Time Home Buyer, The Complete Playbook To Avoiding Rookie Mistakes." She's also a licensed real estate...

From old-fashioneds and Mai Tais to house margaritas and Manhattans, here are the alcoholic drinks to order and avoid, according to the pros.

T-Mobile US Inc. (NASDAQ: TMUS) is investigating an online forum post that claims the personal data of over 100 million users have been compromised, Vice reports. A hacker claims to have gained access to the T-Mobile servers obtaining data, including social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information. The hacker is asking for 6 Bitcoin (CRYPTO: BTC), around $270,000, for a subset of the data containing 30 million social securit

Photos from the New York State Police show the crumpled bus lying on its side with the windshield apparently smashed out.

Hacker claims to steal data of 100 million T-mobile customers

BleepingComputer 15 August, 2021 - 05:27pm

Ransomware gang uses PrintNightmare to breach Windows servers

Ukraine shuts down money laundering cryptocurrency exchanges

Notorious AlphaBay darknet market comes back to life

Microsoft Exchange servers are getting hacked via ProxyShell exploits

Hacker claims to steal data of 100 million T-mobile customers

EasyWSL turns Linux docker images into a Windows 10 WSL distro

Ford bug exposed customer and employee records from internal systems

Master Microsoft 365 with over $200 off this 9-hour certified course

How to remove the PBlock+ adware browser extension

Remove Security Tool and SecurityTool (Uninstall Guide)

How to remove Antivirus 2009 (Uninstall Instructions)

How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

Locky Ransomware Information, Help Guide, and FAQ

CryptoLocker Ransomware Information Guide and FAQ

CryptorBit and HowDecrypt Information Guide and FAQ

CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ

How to make the Start menu full screen in Windows 10

How to install the Microsoft Visual C++ 2015 Runtime

How to open an elevated PowerShell Admin prompt in Windows 10

How to Translate a Web Page in Google Chrome

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

A threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers.

The alleged data breach first surfaced on a hacking forum yesterday after the threat actor claimed to be selling a database for six bitcoin (~$280K) containing birth dates, driver's license numbers, and social security numbers for 30 million people.

While the forum post does not state the origins of the data, the threat actor told BleepingComputer that they took it from T-Mobile in a massive server breach.

The threat actor claims to have hacked into T-Mobile's production, staging, and development servers two weeks ago, including an Oracle database server containing customer data.

This stolen data allegedly contains the data for approximately 100 million T-Mobile customers and can include customers' IMSI, IMEI, phone numbers, customer names, security PINs, Social Security numbers, driver's license numbers, and date of birth.

"Their entire IMEI history database going back to 2004 was stolen," the hacker told BleepingComputer.

An IMEI (International Mobile Equipment Identity) is a unique number used to identify mobile phones, while an IMSI (International mobile subscriber identity) is a unique number associated with a user on a cellular network.

Cybersecurity intelligence firm Cyble told BleepingComputer yesterday that the threat actor claims to have stolen multiple databases totaling approximately 106GB of data, including T-Mobile's customer relationship management (CRM) database.

Motherboard, who first reported on this breach, said they could verify that data samples provided by the threat actor belonged to T-Mobile customers.

When asked if they attempted to ransom the stolen data to T-Mobile, the threat actors said they never contacted the company and decided to sell it on forums where they already have interested buyers.

BleepingComputer has contacted T-Mobile but did not receive a response to our query at this time. However, Motherboard received a reply stating they are investigating the alleged data breach.

"We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time," T-Mobile told Motherboard.

The threat actors tol Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, that they performed this hack to damage US infrastructure.

"This breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019," the threat actors told Gal in a conversation.

"We did it to harm US infrastructure."

Binns is a resident of Turkey who sued the FBI, CIA, and Department of Justice in 2020.

The complaint alleges that Binn was tortured and harassed by the US and Turkish governments and is seeking to compel the USA to release documents regarding these activities under the Freedom of Information Act.

Windows 365 exposes Microsoft Azure credentials in plaintext

Vice Society ransomware joins ongoing PrintNightmare attacks

To receive periodic updates and news from BleepingComputer, please use the form below.

Not a member yet? Register Now

Read our posting guidelinese to learn what content is prohibited.

T-Mobile investigates claims of giant customer data breach | Engadget

Mashable 15 August, 2021 - 03:29pm

It's not certain how the perpetrator obtained the info. T-Mobile supposedly booted the attacker out of the servers, but not before they downloaded and purportedly backed up the content.

The network has a less-than-stellar history of breaches in recent years. Hackers compromised sensitive customer info in late 2019, while a late 2020 attack scraped limited data for about 200,000 users. If the forum claims are accurate, though, this is much more serious. T-Mobile had over 104.7 million customers as of the second quarter of 2021 — this breach might affect virtually every user. While it's not certain just how much real damage has been done, you might want to watch out for suspicious activity if you're a magenta subscriber.

T-Mobile Investigating Claims of Massive Customer Data Breach

VICE 15 August, 2021 - 10:03am

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

"T-Mobile USA. Full customer info," the seller told Motherboard in an online chat. The seller said they compromised multiple servers related to T-Mobile.

On the underground forum the seller is asking for 6 bitcoin, around $270,000, for a subset of the data containing 30 million social security numbers and driver licenses. The seller said they are privately selling the rest of the data at the moment.

"I think they already found out because we lost access to the backdoored servers," the seller said, referring to T-Mobile's potential response to the breach.

They said that although it appears T-Mobile has since kicked them out of the hacked servers, the seller had already downloaded the data locally.

"It's backed up in multiple places," they said.

T-Mobile said in a statement to Motherboard that "We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time." T-Mobile repeatedly declined to answer follow-up questions about the scale of the breach.

By signing up to the VICE newsletter you agree to receive electronic communications from VICE that may sometimes include advertisements or sponsored content.

Want synergy? NASCAR Cup Series is on Indy's road course ... and so is IndyCar! | KEN WILLIS

Engadget 14 August, 2021 - 04:30am

NASCAR’s Xfinity Series and IndyCar each race on Indy’s road course today (um, yes, separately); NASCAR’s Cup Series races on that same 14-turn course Sunday, after 27 years on the historic oval.

Too bad Bob Jenkins misses it. Over his long and understatedly great career, Jenkins smoothly straddled both sides of the North American racing world  — the fendered and unfendered. Today it seems like a natural fit, an easy back-and-forth, what the corporate suits excitedly label valuable synergy.

Sure, most of us need the history books to tell us about the day in 1954 when NASCAR founder Big Bill France visited Indy in May, only to be ushered out of Gasoline Alley and the Speedway entirely — and not in a “good to see you, thanks for coming” sort of way.

IndyCar racing was seeing its share of the pie shrink considerably as the appetite for NASCAR was exploding among race fans, broadcasters and, yep, maybe most importantly, those in the corner corporate offices — the Daytona and Indy 500s are huge on their own, but the Fortune 500 offered a whole new level of horsepower. Cubic dollars, they've always called it in racin'.

The inaugural Brickyard 400 might’ve been the hottest ticket in auto-racing history. The race itself provided some dramatic intrigue (Geoff and Brett Bodine wrecking each other and then publicly airing their dirty laundry) as well as the most popular winner available (Indiana-groomed Jeff Gordon).

But it wasn’t too many more years before everyone realized Indy's long straights and low-banked corners rarely provided the physical type of NASCAR racing you see in the commercials. Along the way and over another decade or more, North America’s sports-entertainment options multiplied, as did the way we consumed them — from networks and cable to today’s streaming and digital options. 

As much as anything else, maybe more, the shrinking pie led to this weekend’s road-course tripleheader involving two very different types of racing. New (yet old) management in both enterprises can’t be overlooked — Roger Penske and Jim France have plenty of traditionalist DNA, but they’re very open to new ways of operating IndyCar and NASCAR.

It’s hard to measure whether or not those two worlds need each other, but it’s hard to imagine they can’t — or won’t — benefit from each other. 

Business Stories