From The Verge: A person claiming to be behind the T-Mobile data breach that exposed almost 50 million people’s info has come forward to reveal his identity and to criticize T-Mobile’s security, according to a report by The Wall Street Journal. John Binns told the WSJ that he was behind the attack and provided evidence that he could access accounts associated with it, and he went into detail about how he was able to pull it off and why he did it.
According to Binns, he was able to get customer (and former customer) data from T-Mobile by scanning for unprotected routers. He found one, he told the Journal, which allowed him to access a Washington state data center that stored credentials for over 100 servers. He called the carrier’s security “awful” and said that realizing how much data he had access to made him panic. According to the WSJ, it’s unclear whether Binns was working alone, though he implied that he collaborated with others for at least part of the hack.
The information the hacker gained access to includes sensitive personal data, like names, birthdates, and Social Security numbers, as well as important cellular data like identification numbers for cellphones and SIM cards. T-Mobile has said in a statement that it’s “confident” that it’s “closed off the access and egress points the bad actor used in the attack.”
The WSJ’s report goes in depth into Binns’ history as a hacker. He claims that he got his start making cheats for popular video games and that he discovered the flaw that ended up being used in a botnet that attacked IoT devices (though he denies actually working on the code).
View: Full Article
