Update: T-Mobile has confirmed a security breach, but says it doesn’t yet know the extent of it. Statement below.
A hacker is selling what they claim is personal data from 100 million T-Mobile customers in the US, stating that this means full records for each customer, including social security numbers…
The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers […]
Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
“T-Mobile USA. Full customer info,” the seller told Motherboard in an online chat. The seller said they compromised multiple servers related to T-Mobile.
The data appears comprehensive:
- Social security numbers
- Phone numbers
- Physical addresses
- Unique IMEI numbers
- Driver license information
The hacker says they are privately selling much of the data, but can supply 30 million social security numbers and driver license details for 6 bitcoin ($270,000). This data would be a prime target for identify theft.
T-Mobile initially neither confirmed nor denied the claim, but later issued an updated statement.
We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.
This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.
We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.
A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.
The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up-to-date.
FTC: We use income earning auto affiliate links. More.