100 Million User T-Mobile Breach? – Multiple Comments


Expert(s): ISBuzz Staff | Informationsecuritybuzz.com


T-Mobile confirmed Sunday that it is looking into an online forum post claiming to be selling the personal data of 100 million customers. If you are planning to provide continuing coverage of this story, here are comments from several of our experts.


August 17, 2021

Saryu Nayyar, CEO, Gurucul

T-Mobile is investigating a breach involving 100 million accounts, all with highly personal information attached to them, including Social Security numbers, driver’s license information, names, and addresses. That number seems to indicate that it is the entire T-Mobile list of customers, present and past, making it one of the largest and most sophisticated attacks on record.

While we have seen similar breaches with large numbers of accounts, this one is unique in that the attackers are offering to sell the most sensitive data back to T-Mobile. This makes it a type of ransomware attack, although it also involves data theft. T-Mobile should be wary of doing this, as data can be copied and resold outside of any agreement reached. But it seems that hackers believe that a ransomware approach offers a more fruitful means to profit than selling account data on the open market.


August 17, 2021

Christos Betsios, Cyber Operations Officer, Obrela

Now that T-Mobile has confirmed this incident, it needs to work round the clock to identify who has been affected and what data has been accessed. The longer this process takes, the more time attackers have with this information to commit more crimes. While there can be no denying that data breaches are commonplace today, you would hope a company as large as T-Mobile would learn from previous incidents to harden its systems and improve security. Reports have suggested the company has already been impacted by as many as six separate data breaches; this raises alarm bells and highlights that the company’s security program has a number of flaws that need to be fixed.


August 17, 2021

Ron Bradley, VP, Shared Assessments

The sad reality is, there are very few of us that haven’t had our personal information compromised (likely multiple times). It’s incumbent upon all consumers to take basic steps to protect themselves such as freezing their credit, using password managers, creating at least one throwaway email address, and being on the lookout for techniques such as SIM swapping (particularly in the case of T-Mobile users).


August 17, 2021

Sascha Fahrbach, Security Evangelist, Fudo Security

This incident will be one of the largest and most serious data leaks compromising sensitive consumer information this year. What’s more, it confirms that T-Mobile is becoming ever more infamous in terms of its cybersecurity flaws. This marks the second data leak for T-Mobile this year; in February, it suffered a massive SIM hijacking attack. To add to their woes, there were more breaches, five in the last four years. In each case, hackers were able to gain access to employee as well as customer data. Of course, no organization is impervious to attacks, but the frequency and scale of these cyber incidents do beg the question: how seriously is T-Mobile taking its cybersecurity?

It is very likely that all the sensitive data that hackers have exfiltrated will now be weaponized in various forms to create advanced phishing attacks which will target victims. Our personal data has immense value to cybercriminals; they will use social security numbers, addresses and phone numbers to muster further attacks and gain more personal data, which can be used for more identity theft, financial fraud, and other damaging activities.

The attack seems to highlight once again that many organizations are still not able to reduce their attack surface and limit lateral movement once trusted systems and assets have been breached. Overall, companies need more segmentation to avoid their most vital data being taken. Utilizing a Zero Trust strategy would certainly be an advantage in this scenario, ensuring that segmentation and authentication remain razor tight.

T-Mobile needs to adopt many lessons, the chief of which is that holistic security needs an engaged workforce on all levels. It will not be simply a matter of hiring a CISO but ensuring that proper procedures and tools are implemented across the organization, including its third-party suppliers and contractors. Zero Trust needs to lead the way here if consumer and investor confidence is ever to return.


August 17, 2021

Garret F. Grajek, CEO, YouAttest

Enterprise needs to be aware that hackers are constantly scanning our sites and resources for weaknesses. Zero Day threats are real – where hackers are identifying known and unknown weaknesses. Thus, we have to be cognizant of the attacker “cyber kill chain” – where attackers step through a process of reconnaissance, intrusion, exploitation – which eventually leads to privilege escalation and lateral movement across the enterprise in search of data like this T-Mobile data. Enterprises should focus upon their current access policies and triggers on changes to identities in key groups to harden IT system security.


August 17, 2021

Tom Garrubba, Senior Director and CISO, Shared Assessments

We are seeing these RaaS organizations becoming increasingly bold in their ransom efforts, and it appears (according to the Motherboard report) that the seller claimed they’ve “lost access to the backdoored servers,” indicating they’ve been detected. This poses the question: what techniques does T-Mobile (or any other organization, for that matter) require to prevent threat actors from coming through the “back door”? While threat actors need only to be successful once in compromising data, organizations need to be on their toes constantly and must consistently revisit their tools and techniques to ensure they’re covering all exposure points to their crown jewels – their customer or proprietary data.


August 17, 2021

Doug Britton, CEO, Haystack Solutions

This is a very frustrating report. Mobile devices are key to many 2-factor authentication protocols. That makes this breach highly significant. If this breach is verified, it is another alarming event in a series of headlines that are eroding trust in privacy and data security. Corporations need to significantly develop cyber talent. This is an area that takes targeted and sustained investment.

In general, we need to dramatically increase our pipeline of talent entering and expanding the cyber workforce. We have the tools to find cyber talent regardless of background. We need to collectively take action to leverage these tools and accelerate the talent development needed to combat data breaches and ransomware attacks or we risk eroding consumer confidence and suffering future exploits.


August 17, 2021

David Stewart, CEO, CriticalBlue – Approov

If this T-Mobile data breach turns out to be genuine, and the initial signs are that it is, it is an alarm call to all enterprises who may share customers with T-Mobile. With 100M users’ data for sale on the dark web, including usernames, passwords and other personal data, all such enterprises should expect script-driven credential stuffing attacks imminently against their APIs.

The probability that passwords have been reused across platforms is extremely high and therefore some of the T-Mobile credentials will also be valid for other platforms. This would be a truly excellent time for all enterprises to ensure that API calls are authorized by at least one independent authentication factor over and above their standard user authentication method.
