A day after this article was published, T-Mobile confirmed in an announcement that it suffered a data breach. The original story is below.
T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn't mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers.
The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
"T-Mobile USA. Full customer info," the seller told Motherboard in an online chat. The seller said they compromised multiple servers related to T-Mobile.
Do you work at T-Mobile and know anything else about this breach? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email firstname.lastname@example.org.
On the underground forum the seller is asking for 6 bitcoin, around $270,000, for a subset of the data containing 30 million social security numbers and driver licenses. The seller said they are privately selling the rest of the data at the moment.
"I think they already found out because we lost access to the backdoored servers," the seller said, referring to T-Mobile's potential response to the breach.
They said that although it appears T-Mobile has since kicked them out of the hacked servers, the seller had already downloaded the data locally.
"It's backed up in multiple places," they said.
T-Mobile said in a statement to Motherboard that "We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time." T-Mobile repeatedly declined to answer follow-up questions about the scale of the breach.
Subscribe to our cybersecurity podcast CYBER, here.