Not all data Violation Born to be equal. None of them are good, but they do have varying degrees of badness. Considering that they happen frequently, you may have become accustomed to news, which is understandable. Nevertheless, hackers claim that the T-Mobile vulnerabilities involving 100 million people’s data are worthy of your attention, especially if you are a “non-operator” customer.
As originally reported Press the motherboard On Sunday, someone on the dark web claimed to have obtained 100 million data from T-Mobile’s servers and sold part of it on underground forums for 6 bitcoins, which is about 280,000 U.S. dollars.The treasure trove includes not only names, phone numbers, and physical addresses, but also more sensitive data such as social security numbers, driver’s license information, and IMEI number, Bind to the unique identifier of each mobile device. Motherboard confirmation The data sample “contains accurate information about T-Mobile’s customers.”
A lot of information is already widely available, and social security numbers can even be found on any number of public record sites.There is also a reality that at this point, most people’s data Has leaked At a certain point. But the obvious T-Mobile vulnerability provides potential buyers with a data mix that can be used to produce huge results, rather than a way you might automatically assume.
Crane Hassold, Director of Threat Intelligence at Abnormal Security, an email security company, said: “SMS-based phishing messages can now be sent using phone numbers and names. These messages are made in a more credible way.” “This is the first thing I think of. One thing, look at this.”
Yes, the name and phone number are relatively easy to find. But a database that links the two together, as well as identifying someone’s carrier and fixed address, can make it easier to persuade someone to click on an advertising link, for example, to provide T-Mobile customers with special offers or upgrades. And do it collectively.
The same is true for identity theft. Similarly, a lot of T-Mobile data has existed in various forms of violations. But Abigail Showman, the team leader of the risk intelligence company Flashpoint, said that centralizing it can simplify the process for criminals or grudges or specific high-value victims in their hearts.
Although names and addresses may be quite common at this time, the International Mobile Equipment Identity is not. Because each IMEI number is associated with a particular customer’s mobile phone, knowing it may help in so-called SIM swap attacks. “This may cause account takeover issues,” Showman said, “because threat actors can obtain two-factor authentication or one-time passwords tied to other accounts, such as email, banking, or any other security features that use advanced authentication. Account-use the victim’s phone number.”
This is not a hypothetical question. SIM swap attacks have been rampant in the past few years, and T-Mobile has disclosed previous violations In February, Specifically used to execute them.
T-Mobile confirmed on Monday that a violation had occurred, but did not confirm whether customer data has been leaked. The company said in an email statement: “We have been working around the clock to investigate claims that T-Mobile data may be accessed illegally.” “We have determined that unauthorized access to certain T-Mobile data has occurred. Access, but we have not yet determined whether any personal customer data is involved. We believe that the entry point used to obtain access has been closed, and we are continuing to conduct an in-depth technical review of the entire system to determine any illegally accessed data nature.”