430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

T-Mobile data breach could be worse than initially thought, 54 million customers impacted

T-Mobile data breach could be worse than initially thought, an update to the investigation reveals that over 54 million individuals were impacted. T-Mobile data breach could be worse than initially thought, according to an update to the investigation over 54 million customers had their data compromised. Recently T-Mobile has launched an investigation into a possible […]

T-Mobile

T-Mobile data breach could be worse than initially thought, an update to the investigation reveals that over 54 million individuals were impacted.

T-Mobile data breach could be worse than initially thought, according to an update to the investigation over 54 million customers had their data compromised.

Recently T-Mobile has launched an investigation into a possible security breach after a threat actor started offering for sale 100 million T-Mobile customer records on the dark web.

Bleeping Computer reported that the seller was asking for 6 bitcoin (around $270,000) for 30 million social security numbers and driver licenses, while privately selling the remaining data.

Stolen records included names, dates of birth, phone numbers, addresses, social security numbers, and driver’s license information.

The company also identified the issue exploited by attackers to access its infrastructure and addressed it.

T-Mobile provided additional info about the intrusion, it confirmed that some of the stolen files did include personal information and that financial data was not compromised.

On August 17, the preliminary analysis disclosed by the carrier revealed that the intrusion impacted roughly 7.8 million current postpaid customer accounts, as well as more than 40 million records of former and prospective customers. The attackers also compromised approximately 850,000 active prepaid customers.

Now the company has updated the advisory and revealed that additional 6 million customers or prospective customers have been affected by the intrusion.

“We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised. We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised. Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed. These additional accounts did not have any SSNs or driver’s license/ID information compromised.” reads the update. “Separately, we have also identified further stolen data files including phone numbers, IMEI, and IMSI numbers. That data included no personally identifiable information.”

The Telco confirmed that the threat actors also stole IMSI and IMEI numbers, while financial data were not exposed.

T-Mobile customers have to be vigilant on phishing emails and SMS texts, never provide their information, click on embedded links, or open attachments.

Resecurity researchers warn that stolen data put millions of customers and their privacy at risk.

“In online forums and private communications, hackers are selling different sets of data linked to the breach, asking between $80,000 and 6 bitcoin ($270,000) for access to the information.” said Gene Yoo, CEO of RESecurity.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]