T-Mobile Massive Scale Hack
It has been reported that the data of 76 million users leaked in a massive-scale hack on T-Mobile.
Karan Saini discovered the bug in the wsg.t-mobile.com API: when a user searched for a number, the response the API sent included that user's data. The data sent includes an email address, IMSI network code, billing details and more. That is all a hacker needs to identify a user and all of their information.
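The article does not show the API's code. As an added illustration (not T-Mobile's code), the sketch below contrasts a lookup that returns the record for any queried number with one that checks the number belongs to the authenticated account and counts refused lookups so bulk enumeration stands out. All names, fields and records are constructed, and treating a missing ownership check as the root cause is an assumption.

```python
# Added illustration; every name, field and record here is constructed.
ACCOUNTS = {
    "acct-1": {"email": "alice@example.com", "imsi": "001010000000001",
               "billing_account": "BA-1001", "lines": ["5550100", "5550101"]},
    "acct-2": {"email": "bob@example.com", "imsi": "001010000000002",
               "billing_account": "BA-2002", "lines": ["5550200"]},
}
LINE_TO_ACCOUNT = {line: acct for acct, rec in ACCOUNTS.items()
                   for line in rec["lines"]}


def lookup_vulnerable(session_account, number):
    """Returns the full record for any number; the caller's identity is ignored."""
    acct = LINE_TO_ACCOUNT.get(number)
    return dict(ACCOUNTS[acct]) if acct else None


def lookup_hardened(session_account, number, denied):
    """Returns data only for numbers on the caller's own account.

    Unknown and foreign numbers both yield None, so a response never
    confirms that a number exists. Each refusal is counted per caller.
    """
    acct = LINE_TO_ACCOUNT.get(number)
    if acct is None or acct != session_account:
        denied[session_account] = denied.get(session_account, 0) + 1
        return None
    rec = ACCOUNTS[acct]
    # Return only what the caller's view needs (assumed: email and lines).
    return {"email": rec["email"], "lines": list(rec["lines"])}


def flag_enumeration(denied, threshold):
    """Callers with at least `threshold` refused lookups, sorted."""
    return sorted(a for a, n in denied.items() if n >= threshold)


if __name__ == "__main__":
    denied = {}
    print(lookup_vulnerable("acct-1", "5550200"))   # another customer's record
    print(lookup_hardened("acct-1", "5550200", denied))
    for n in ("5550200", "5550201", "5550202"):
        lookup_hardened("acct-1", n, denied)
    print(flag_enumeration(denied, 3))
```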
Saini spoke with Motherboard, where he said: “T-Mobile has 76 million customers, and an attacker could have run a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users.”
Saini told T-Mobile about the issue, and the telco fixed the security bug, reassuring everyone that only a small portion of its subscribers was open to this attack. T-Mobile added that “there is no indication that it was shared more broadly”. Blackhat hackers have had access to this flaw for months and could have taken the data of millions upon millions of users.
One of the blackhat hackers responded to the original Motherboard story, saying that the bug had been known and exploited for “quite a while”.
Kevin Jones