Not all data breaches are created equal. None of them are good, but they come in varying degrees of bad. And given how often they happen, it’s understandable that you’ve become used to the news. Still, a T-Mobile breach that hackers said involved the data of 100 million people deserves your attention, especially if you’re a customer of the carrier.
As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million people from T-Mobile servers and is selling some of it on an underground forum for 6 bitcoins, or about $280,000. The trove includes not only names, phone numbers and physical addresses, but also more sensitive data such as Social Security numbers, driver’s license information and IMEI numbers, unique identifiers linked to each mobile device. Motherboard confirmed that sample data “contained specific information about T-Mobile customers.”
Much of this information is already widely available, even Social Security numbers, which can be found on a number of public archive sites. There is also the reality that at this point most people’s data has been disclosed at one time or another. But T-Mobile’s apparent breach offers potential buyers a mix of data that could be put to good use, and not in ways you might automatically assume.
“Now is a great time to use phone numbers and names to send SMS phishing messages crafted in a little more credible way,” says Crane Hassold, director of threat intelligence at the email security company Abnormal Security. “That’s the first thing I thought of when I looked at this.”
Yes, names and phone numbers are relatively easy to find. But a database that links the two together, along with someone’s carrier and physical address, makes it much easier to convince someone to click on a link that advertises, for example, a special offer or an upgrade for T-Mobile customers. And to do it en masse.
The same is true for identity theft. Again, much of T-Mobile’s data is already available in various forms through various breaches. But centralizing it simplifies the process for criminals, or for someone with a grudge or a high-value victim in mind, says Abigail Showman, team leader at risk intelligence firm Flashpoint.
And while names and addresses can be pretty common at this point, IMEI numbers aren’t. Because each IMEI number is tied to a specific customer’s phone, knowing it could help in a so-called SIM swap attack. “This could lead to account takeover issues,” says Showman, “because threat actors could have access to two-factor authentication or one-time passwords linked to other accounts, such as email, bank or any other account using an advanced authentication security feature, using the phone number of a victim.”
It is not a hypothetical concern; SIM swap attacks have escalated in recent years, and a previous breach disclosed by T-Mobile in February of this year was used specifically to perform them.
On Monday, T-Mobile confirmed that a breach had occurred, but not whether customer data had been compromised. “We have worked tirelessly to investigate allegations that T-Mobile’s data may have been accessed illegally,” the company said in an emailed statement. “We have determined that unauthorized access to certain T-Mobile data has occurred, but we have not yet determined that there was any personal customer data involved. We are confident that the point of entry used to access has been closed, and we are continuing our in-depth technical review of the situation in our systems to identify the nature of any data that has been illegally accessed.”