Only days after T-Mobile U.S. Inc (NASDAQ: TMUS) confirmed that a cyberattack stole records of over 50 million customers, John Binns took responsibility for the hack and blasted the company’s security practices, the Wall Street Journal reported on Thursday.
Did Binns sell the data?
Binns said his scan for unprotected routers found one last month that gave him access to T-Mobile’s Washington state data centre.
Are you looking for fast-news, hot-tips and market analysis?
Sign-up for the Invezz newsletter, today.
Hacking into it, he used the stored credentials for more than 100 servers to steal customers’ personal data, including their Social Security numbers and cellular data related to the SIM cards and identification numbers for cell phones.
“I was panicking because I had access to something big. Their security is awful.â€
The hacker hinted that he had help from others for at least part of the cyberattack. The WSJ report, however, failed to confirm if he was paid to breach T-Mobile or sold the customers data he stole.
T-Mobile is United States’ 2nd largest wireless network operator, providing services to more than 104 million customers, as per its Q2 earnings report published in July.
T-Mobile says it has fixed the security loophole
According to T-Mobile, it has now sealed the security loophole Binns used to gain access to its servers.
“We are confident that we have closed off the access and egress points the bad actor used in the attack,†the company said in a statement.
A T-Mobile spokeswoman, however, refrained from commenting on specific claims made by the hacker.
The cyberattack marked the third major hack into T-Mobile in the past two years that resulted in a breach of customer data. Such incidents, as per many cybersecurity experts, is a clear indication that T-Mobile needs to focus on improving its cybersecurity practices.
eToro
10/10
67% of retail CFD accounts lose money
