As T-Mobile continues to investigate a massive data breach that took place earlier this month, a person claiming to have conducted the attack has described the carrier’s security as “awful.”
Going by the name “John Binns,” the hacker, apparently a 21-year-old American who moved to Turkey several years ago, contacted the Wall Street Journal via messaging app Telegram and discussed details of the attack before it became widely known.
Binns said he used a known tool designed to locate unprotected routers to launch the hack. The effort clearly proved fruitful, opening up more than 100 servers at a data center in East Wenatchee, Washington, about 90 miles east of T-Mobile’s headquarters in Seattle.
T-Mobile, which last year merged with Sprint in a deal valued at $26 billion, revealed that more than 50 million people are affected by the data breach, including current and former customers, and also prospective customers who had previously applied for credit with T-Mobile. The stolen data includes customers’ first and last names, date of birth, Social Security number, and driver’s license/ID information. An investigation into the attack is ongoing.
The incident is a huge setback for T-Mobile, especially as it follows several similar attacks over the last three years.
In its most recent message regarding the latest security snafu, posted last week, T-Mobile said, “We are continuing to take action to protect everyone at risk from this cyberattack. We have sent communications to millions of customers and other affected individuals and are providing support in various ways.”
We has reached out to T-Mobile for comment on Binns’ claims and we will update this article if we hear back.