“Their security is terrible,” John Bins said of T-Mobile when he discussed hacking the personal information of 50 million users.
According to a report from the Wall Street Journal (WSJ) on Thursday, the 21-year-old American hacker responsible for infiltrating the T-Mobile system said that the wireless company’s weak security helped him access a large number of records containing the personal details of more than 50 million people. .
John Bins, who grew up in Virginia, USA but now lives in Turkey, told the Wall Street Journal that he managed to break through T-Mobile’s defenses after discovering that an unprotected router was exposed. Binns has been using multiple online aliases since 2017 and stated that he has been using a simple tool open to the public to scan T-Mobile’s Internet address for vulnerabilities.
“Their security is terrible,” said Bins, who has been communicating with the Wall Street Journal through Telegram messages from an account that discussed the details of the hack before they became widely known.
“I’m panicked because I have access to some big things,” he added.
According to the “Wall Street Journal” report, Bins did not specify whether he sold any data or whether he was paid for the hacking.
The August hacking incident was the third major customer data breach that T-Mobile disclosed in the past two years. According to the company, the latest attack stole a series of personal details from more than 54 million customers, including their names, social security numbers, and dates of birth.
Many of the reported stolen records came from potential customers or former customers who have moved to other operators.
T-Mobile started notifying customers of this violation last week and also reminded its users to update their passwords and personal identification number (PIN) codes.
The Washington-based company is the second largest mobile operator in the United States, with approximately 90 million mobile phones connected to its network.
A person familiar with the matter told the Wall Street Journal that the FBI Seattle office is investigating the T-Mobile hacking incident.
Binns also told the Wall Street Journal that it took him about a week to enter the server.
T-Mobile confirmed that more than 50 million customer records were stolen and stated that it had fixed the security vulnerabilities that led to the violation. It started notifying customers of this violation last week.
It is not clear whether Binns is working alone. In a communication with The Wall Street Journal, he described his collaborative efforts to crack T-Mobile’s internal database.
Binns also told the Wall Street Journal that he wanted to draw attention to the persecution he felt by the US government.
“Generating noise is a goal,” Binns said.
In a conversation with The Wall Street Journal, Binns described an alleged incident in which he said he was kidnapped in Germany and put in a fake mental hospital.
“I have no reason to fabricate a false kidnapping story. I hope someone inside the FBI will leak the relevant information,” he wrote to the Wall Street Journal.
Last year, Binz sued the CIA, the FBI and other federal agencies, demanding that they fulfill his federal record requirements to obtain information about the FBI’s investigation of botnet attacks.
The complaint is still pending in the U.S. District Court for the District of Columbia.