What happened:
Hacker “John Binns” accessed and sold 50 million consumer records stored on T-Mobile’s unsecured servers.
“John Binns” explained that he explored T-Mobile’s Internet-facing routers for vulnerabilities. After finding and exploiting one vulnerability, he found credentials for 100 servers stored on one of T-Mobile’s Washington State servers.
He then exfiltrated the records and placed them for sale on the dark web.
Why is this important?
The T-Mobile attack required minimal resources. A single attacker moved through multiple layers of T-Mobile’s network to reach its data. This was too easy. But the vulnerabilities found in T-Mobile’s environment are also common ones.
What does this mean to me?
HALOCK finds that many organizations are not implementing known-effective controls – such as router hardening, multifactor authentication (MFA), and credential protection – because they are overwhelmed and under-resourced. The burden is often left on the shoulders of IT staff to solve problems that they do not have the resources to solve.
Related threats
Network device attack
Authentication hijacking
Related vulnerabilities
Un-hardened network devices
Unprotected privileged user credentials
Lack of MFA
Helpful controls
Network device hardening – Consider SCAP policies
Privileged access management (PAM)
Multifactor authentication (MFA)
Commonality of attack
High
Article on story
T-Mobile Breach Link