Not all data Violation Born to be equal. None of them are good, but they do have varying degrees of badness. Considering that they happen frequently, it is understandable that you may have become accustomed to the news. Nevertheless, hackers claim that the T-Mobile vulnerabilities involving 100 million people’s data are worthy of your attention, especially if you are a “non-operator” customer.

As originally reported Press the motherboard On Sunday, someone on the dark web claimed to have obtained 100 million data from T-Mobile’s servers and sold part of it for 6 bitcoins on underground forums, which is about 280,000 U.S. dollars.The treasure trove includes not only names, phone numbers, and physical addresses, but also more sensitive data such as social security numbers, driver’s license information, and IMEI number, Bind to the unique identifier of each mobile device. Motherboard confirmation The data sample “contains accurate information about T-Mobile’s customers.”

A lot of information is already widely available, and social security numbers can even be found on any number of public record sites.There is also the reality that at this point, most people’s data Has leaked At a certain point. But the obvious T-Mobile vulnerability provides potential buyers with a data mix that can be used to produce huge results, rather than a way you might automatically assume.

Crane Hassold, director of threat intelligence at Abnormal Security, an email security company, said: “It is now possible to send SMS-based phishing messages using phone numbers and names, and these messages are made in a more credible way.” “This is what I thought of. First thing, look at this.”

Yes, the name and phone number are relatively easy to find. But a database that links the two together, as well as identifying someone’s carrier and fixed address, can make it easier to persuade someone to click on an advertising link, for example, to provide T-Mobile customers with special offers or upgrades. And do it collectively.

The same is true for identity theft. Similarly, a lot of T-Mobile data has existed in various forms of violations. But Abigail Showman, team leader at risk intelligence company Flashpoint, said that centralizing it can simplify the process for criminals or grudges or specific high-value victims.

Although names and addresses may be quite common at this time, the International Mobile Equipment Identity is not. Because each IMEI number is associated with a specific customer’s mobile phone, knowing it can help in so-called SIM swap attacks. “This may cause account takeover problems,” Showman said, “because threat actors can obtain two-factor authentication or one-time passwords tied to other accounts, such as email, banking, or any other security features that use advanced authentication. Account-use the victim’s phone number.”

This is not a hypothetical question. SIM card exchange attacks have been rampant in the past few years, and T-Mobile disclosed previous violations In February, Specifically used to execute them.

T-Mobile confirmed on Monday that a violation had occurred, but did not confirm whether customer data has been leaked. The company said in an email statement: “We have been working around the clock to investigate claims that T-Mobile data may be accessed illegally.” “We have determined that unauthorized access to certain T-Mobile data has occurred. Access, but we have not yet determined whether any personal customer data is involved. We believe that the entry point used to obtain access has been closed, and we are continuing to conduct an in-depth technical review of the entire system to determine any illegally accessed data nature.”

Source link