Not all data Violation Born to be equal. None of them are good, but they do have varying degrees of badness. Considering that they happen frequently, you may have become accustomed to news, which is understandable. Nevertheless, hackers claim that the T-Mobile vulnerability involving 100 million people’s data is worthy of your attention, especially if you are a non-operator customer.
As originally reported Press the motherboard On Sunday, someone on the dark web claimed to have obtained 100 million data from T-Mobile’s servers and sold part of it on underground forums for 6 bitcoins, which is about $280,000.The treasure trove includes not only names, phone numbers, and physical addresses, but also more sensitive data such as social security numbers, driver’s license information, and IMEI number, Bind to the unique identifier of each mobile device. Motherboard confirmation The data sample “contains accurate information about T-Mobile’s customers.”
A lot of information is already widely available, and social security numbers can even be found on any number of public record sites.There is also a reality that at this point, most people’s data Has leaked At some point. But the obvious T-Mobile vulnerability provides potential buyers with a data mix that can be used to produce huge results, rather than a way you might automatically assume.
Crane Hassold, Director of Threat Intelligence at Abnormal Security, an email security company, said: “SMS-based phishing messages can now be sent using phone numbers and names. These messages are made in a more credible way.” “This is the first thing that comes to my mind. ,look at this.”
Yes, the name and phone number are relatively easy to find. But a database that links the two together, as well as identifying someone’s carrier and fixed address, can make it easier to persuade someone to click on an advertising link, for example, to provide T-Mobile customers with special offers or upgrades. And do it collectively.
The same is true for identity theft. Similarly, a lot of T-Mobile data has existed in various forms of violations. But Abigail Showman, the team leader of the risk intelligence company Flashpoint, said that centralizing it can simplify the process for criminals or grudges or specific high-value victims in their hearts.
Although names and addresses may be quite common at this time, IMEI numbers are not. Because each IMEI number is associated with a specific customer’s mobile phone, knowing it can help in so-called SIM swap attacks. “This may cause account takeover issues,” Showman said, “because threat actors can obtain two-factor authentication or one-time passwords tied to other accounts, such as email, banking, or any other security features that use advanced authentication. Account-use the victim’s phone number.”
This is not a hypothetical question. SIM swap attacks have been rampant in the past few years, the previous violations disclosed by T-Mobile In February This year is dedicated to implementing them.
On Monday, T-Mobile confirmed that a violation had occurred, but did not confirm whether customer data had been leaked. The company said in an email statement: “We have been working around the clock to investigate claims that T-Mobile data may be accessed illegally.” “We have determined that unauthorized access to certain T-Mobile data has occurred. Access, but we have not yet determined whether any personal customer data is involved. We believe that the entry point used to gain access has been closed, and we are continuing to conduct an in-depth technical review of the entire system to determine the nature of any illegally accessed data .”