T-Mobile Massive Scale Hack
It has been reported that the data of 76 million users was leaked in a massive-scale hack on T-Mobile.
Karan Saini discovered the bug in the wsg.t-mobile.com API: when a user searched for a number, the data the API sent back included the data of the user that number belongs to. The data sent includes an email address, IMSI network code, billing details and more. That is all a hacker needs to know to identify a user and all of their information.
Saini spoke with Motherboard, where he said: “T-Mobile has 76 million customers, and an attacker could have run a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users”
Saini told T-Mobile about the issue; the telco fixed the security bug and reassured everyone that only a small portion of its subscribers was open to this attack. T-Mobile added that “there is no indication that it was shared more broadly”. Blackhat hackers have had access to this flaw for months and could have taken the data of millions upon millions of users.
One of the blackhat hackers responded to the original Motherboard story, saying that the bug was known and exploited for “quite a while”.
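The flaw pattern described above, where searching a number returns that subscriber's record no matter who is asking, shown next to a lookup that checks account ownership and a simple detector for scraping. This is an added example, not T-Mobile's code; the function names, record layout, returned fields and threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample records keyed by phone number (all values are made up).
SUBSCRIBERS = {
    "+15550100001": {"account": "acct-100", "email": "a@example.com",
                     "imsi": "001010000000001", "billing_account": "BA-1"},
    "+15550100002": {"account": "acct-100", "email": "b@example.com",
                     "imsi": "001010000000002", "billing_account": "BA-1"},
    "+15550100003": {"account": "acct-200", "email": "c@example.com",
                     "imsi": "001010000000003", "billing_account": "BA-2"},
}
# Assumption: the client only needs these fields; the IMSI is never returned.
RESPONSE_FIELDS = ("email", "billing_account")


class Forbidden(Exception):
    """Raised when the caller asks about a number outside their own account."""


def lookup_vulnerable(session_account, msisdn):
    # Flaw pattern: the caller's identity is ignored, so any searched
    # number returns that subscriber's full record.
    return SUBSCRIBERS[msisdn]


def lookup_hardened(session_account, msisdn):
    # Object-level authorization: the number must be on the caller's account.
    record = SUBSCRIBERS.get(msisdn)
    if record is None or record["account"] != session_account:
        # Same error for "unknown" and "not yours" so numbers cannot be probed.
        raise Forbidden("number not available to this account")
    return {field: record[field] for field in RESPONSE_FIELDS}


class EnumerationMonitor:
    """Flags a session that searches more distinct numbers than expected."""

    def __init__(self, max_distinct=3):
        self.max_distinct = max_distinct
        self.seen = defaultdict(set)

    def record(self, session_account, msisdn):
        # Returns True once the session exceeds its distinct-number budget.
        self.seen[session_account].add(msisdn)
        return len(self.seen[session_account]) > self.max_distinct
```

The monitor counts every searched number, including denied ones, since a run of denied lookups from one session is the signal that someone is walking the number space.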