- A hacker claims to have stolen the personal information of 100 million T-Mobile customers.
- Motherboard was able to see a sample of this information and verify its accuracy.
- T-Mobile has now confirmed the hack exposed the personal info of over 47 million people.
Update: August 18, 2021 (11:28 AM ET): T-Mobile has posted a new update on the data hack on its website. It now says that the personal info of over 7.8 million current postpaid customers were included in the stolen data files, along with the personal info of over 40 million other people who are either former customers or who were possible users that applied for credit with T-Mobile. Some of that data included “first and last names, date of birth, SSN, and driver’s license/ID information.”
The carrier claims that “no phone numbers, account numbers, PINs, passwords, or financial information” from postpaid users were included in the files that were taken during the hack. However, T-Mobile is still advising all of its postpaid customers to change their PIN number as a proactive measure. It will also offer two years of free identity protection services to everyone affected by the hack.
As far as the company’s prepaid customers, T-Mobile has confirmed that the accounts of 850,000 active prepaid user names, phone numbers, and account PINs were part of the hack. T-Mobile says it has gone ahead and reset all of those PIN numbers and will be informing those customers soon. Some inactive prepaid user info was exposed as well, but T-Mobile says no financial info was in those files.
Original article: August 16, 2021 (1:26 AM ET): A massive data breach may have exposed the sensitive personal information of as many as 100 million T-Mobile customers. The information reportedly includes people’s social security numbers, phone numbers, physical addresses, IMEI numbers, and driver’s licenses.
According to Motherboard, the hacker claims to have obtained the information from multiple T-Mobile servers. The publication has seen samples of the data and confirms that it contains accurate details about T-Mobile users.
The hacker is also looking to make a pretty penny by selling this huge trove of personal data on an underground forum. The asking price is six bitcoins, which amounts to around $270,000, for a subset of data of 30 million T-Mobile customers.
“I think they already found out because we lost access to the backdoored servers,” the sellers told Motherboard, referring to T-Mobile’s actions against the breach. However, the hacker claims to have already downloaded the customer data locally. “It’s backed up in multiple places,” they said.
Related: How to cancel T-Mobile services
Meanwhile, T-Mobile has started investigating the matter. The company issued the following statement in response to the alleged hack:
We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.
It’s unclear what’ll happen to the stolen data of millions of T-Mobile users. If it ends up being sold, it could potentially harm all the affected users and also spark lawsuits against T-Mobile.
We’ll update this article if T-Mobile confirms the hack or shares any other information about it.