What happened:

Hacker “John Binns” accessed and sold 50 million consumer records stored in T-Mobile’s unsecured servers.

“John Binns” explained that he explored T-Mobile’s Internet-facing routers for vulnerabilities. After finding and exploiting one vulnerability, he found credentials for 100 servers inside one of T-Mobile’s Washington State servers.

He then exfiltrated the records and placed them for sale on the dark web.


Why is this important?

The T-Mobile attack required minimal resources: a single attacker compromised T-Mobile's network and data through multiple layers. This was too easy, but the vulnerabilities found in T-Mobile's environment are also common.


What does this mean to me?

HALOCK finds that many organizations are not implementing known-effective controls – such as router hardening, multifactor authentication (MFA), and credential protection – because they are overwhelmed and under-resourced. The burden is often left on the shoulders of IT staff to solve problems for which they have no resources.


Related threats

Network device attack
Authentication hijacking


Related vulnerabilities

Un-hardened network devices
Unprotected privileged user credentials
Lack of MFA


Helpful controls

Network device hardening – Consider SCAP policies
Privileged access management (PAM)
Multifactor authentication (MFA)


Commonality of attack

High

Article on story

T-Mobile Breach Link