Hacker Claims T-Mobile’s ‘Awful’ Security Gave Him Access to 50 Million Accounts
Toggle Dark Mode
Now living in Turkey, hacker John Binns shared with the Wall Street Journal how he breached T-Mobile’s network and gained access to 50 million accounts in July. He didn’t use any sophisticated tools or highly complex methods to breach T-Mobile’s security. Instead, the hack job was made easy because the mobile carrier’s security is lax, claims Binns.
Binns said he could access T-Mobile’s network through an unprotected router in the company’s data center near East Wenatchee, Washington. He discovered the vulnerable piece of hardware using a publicly available scanning tool that he pointed at T-Mobile’s widely known internet addresses.
“I was panicking because I had access to something big,” said Binns to the Wall Street Journal. “Their security is awful.”
Binns is a known hacker who has been perfecting his craft online since 2017 using various online aliases. He shared the details on this T-Mobile hack with the WSJ before the wireless carrier publicly confirmed the intrusion.
Binns declined to confirm whether he was paid to conduct the hack or sold the data he obtained.
T-Mobile CEO Mike Sievert said he was “truly sorry” for the intrusion that affected 50 million people.
“We didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event.”
T-Mobile CEO Mike Sievert via AP
The company confirmed that the hack exposed names, social security numbers, driver’s license information, and more. Over 40 million customers who applied for T-Mobile credit were affected by this breach. Also involved were 7.8 million current T-Mobile subscribers who pay for their service on a monthly basis.
T-Mobile has reached out to those accounts that were compromised in this breach. If you are not sure if your account was involved, you can contact T-Mobile customer service or log into your account.
Those who were not affected should see a banner on their account page that confirms the hacker did not steal their account data.