As MacRumors reports, Mike Sievert, CEO of US carrier T-Mobile, issued an apology letter today. Particularly, he apologizes to users for 50 million data breaches. A 21-year-old American hacker discovered a vulnerability in the T-Mobile server this month and successfully stolen a large amount of user information, including name, phone number, date of birth, address, social security code, IMEI/IMSI and other information. The “author” was selling it on the Internet. Fortunately, not all stolen information is complete.
The CEO of T-Mobile said, “we didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry.”
What’s Known About This Data Breach?
Once T-Mobile was informed about this incident, it started an investigation with the help of a world-class security experts Mandiant. So they learned how the hacker illegally gained entry to their servers. Of course, T-Mobile closed those access points but it was done only after. Oddly, T-Mobile also wrote in its apology letter that “We are confident that there is no ongoing risk to customer data from this breach.” But 50 million users’ data is a “good stuff for a deal.“
Not surprisingly, many have been asking exactly what happened. But as T-Mobile is actively coordinating with law enforcement on a criminal investigation, there is no option to disclose many details. However, they provided users with some details, saying “in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data.”
Unfortunately, this happens frequently and we guess it will accelerate in the future. Say, recently, there was the biggest data breach incident. CyberNews informed that a 100GB text file containing 8.4 billion passwords was available on a popular hacker forum. The file was titled as “RockYou2020” and it was combining passwords stolen via previous data breaches and leaks.
Back in 2009, there was another big data breach, namely RockYou. At that time, “threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text.” So as you can see, the number of stolen data increases drastically.