T-Mobile Hacker Who Stole Data From 50 Million Customers Says 'Awful' Security Made It Easy

Kimberly Redmond  |

The hacker who broke into T-Mobile US Inc’s (Nasdaq:  TMUS) servers and stole personal data of more than 50 million former, current and prospective customers told The Wall Street Journal that the wireless carrier’s “awful” security made the breach easy to do.   

John Binns, the 21-year-old American who took responsibility for the high-profile hack that was disclosed last week by the company, reportedly used an unprotected router as an entry point to breach T-Mobile’s data center near East Wenatchee, Washington.

From there, it took Binns about a week to gain access to the servers that contained the personal data of 54 million people. By August 4, he had stolen millions of sensitive files.

“I was panicking because I had access to something big. Their security is awful," Binns, a Virginia native now living in Turkey, said. "Generating noise was one goal."

He would not confirm if the data he stole has already been sold or if someone else paid him to hack into T-Mobile. Binns also did not explicitly say he worked with others on the attack, but he did admit that he needed help in acquiring login credentials for databases inside T-Mobile's systems.

T-Mobile declined to comment to The Wall Street Journal on Binns’s claims, but the company has previously said it was “confident” it had closed the security holes used in the breach.  

The Federal Communications Commission (FCC) announced last week it will investigate the data breach, and the Federal Bureau of Investigation’s Seattle office is also probing the hack, according to The Journal.

T-Mobile has also been hit with a pair of class-action lawsuits in Washington federal court over the breach. 

The latest incident marks the third breach in two years for T-Mobile, the second-largest US wireless carrier, and suggests that the company is struggling to offer security to serve its rapidly growing customer base, Engadget noted.

Cyber experts have said that T-Mobile is just one of many companies and institutions that do not have the necessary security protocols in place to protect sensitive information, like social security numbers, birthdates and driver’s license information, according to Reuters.

Recent ransomware attacks around the world have taken down operations at oil pipelines, airports, hospitals, food processing plants and grocery chains.  

The Wall Street Journal’s exclusive report comes a day after President Joe Biden met with top business and tech leaders, including the chief executive officers of Amazon.com Inc, Apple Inc, JPMorgan Chase & Co and Alphabet Inc’s Google, to discuss cyber security issues.

_____

Source: Equities News

Market Movers

Sponsored Financial Content