T-Mobile Fails In Attempt To Buy Back Stolen User Data

Telco giant T-Mobile has allegedly tried to buy back the user data stolen from them from a previous hack, but to no avail.

Wife Spies on Husband with Help from T-Mobile Employee
Wife Spies on Husband with Help from T-Mobile Employee Image from Mika Baumeister on Unsplash

According to TechRadar, the company hired a "third-party" to buy back the stolen data before it was leaked online. They were said to have paid the hackers on the forum, called RaidForums, around $200K to delete their copy of the information. And the data wasn't just small-time: these were social security numbers, birthdays, and drivers licenses of some 124 million T-mobile customers which were stolen last year.

The aforementioned third-party tasked an employee to buy a "sample" of the stolen data for $50,000 worth of Bitcoin. Then, they bought the entire stolen database for $150,000 more, on the condition that RaidForums user "SubVirt" delete their copy of the data-which they actually put on sale on the forum.

By asking SubVirt to delete their copy, the third-party hired by T-Mobile hoped that the data wouldn't be sent to other cybercriminals who might use it for things like identity theft, fraud, and other cybercrimes.

But despite already being paid, SubVirt (perhaps in a not-so-unexpected manner) continued to try selling the data on the forums. In simpler terms, T-Mobile failed when they decided to just pay the cybercriminals a ransom.

The information was first reported on by VICE's Motherboard. According to the report, SubVirt tried selling the stolen customer data originally for $124 million, but then dropped the price to $30 million. And while T-Mobile didn't name the third-party they hired to do the deed, they did mention that the cybersecurity firm Mandiant helped them deal with the hack when it occurred back in August last year.

Mandiant has so far neither confirmed nor denied its involvement in the attempted buy back. Perhaps they might have bigger things in mind, as the company announced in early March that they were being acquired by search engine giant Google for $5.4 billion.

A Look At The August 2021 T-Mobile Hack

As previously mentioned, the telco was breached back in August resulting in the theft of almost 50 million customers' sensitive information, writes ZDNet. This includes current, former, and even potential customers looking to do business with the company.

But unlike most hackers who try their best to remain anonymous, the perpetrator behind the T-Mobile hack actually revealed himself. 21-year-old US citizen John Binns admitted to the crime, which he says he conducted while in his home in Turkey. The hacker admitted to the deed to the Wall Street Journal and cybersecurity firm Hudson Rock's co-founder Alon Gal.

various hacker groups are targeting infrastructure operations
Jakub Porzycki/NurPhoto via Getty Images

He almost seemed like he wasn't even sorry for the attack. When asked about details, he mentioned how it only took him a week to breach the telco's defenses, calling the carrier's cybersecurity "awful." But aside from that, he didn't reveal whether he acted out of his own accord, or whether he was hired by an external party to do it.

This article is owned by Tech Times

Written by RJ Pierce

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics