T-Mobile hacker says the carrier's security is 'awful'

He reportedly broke in using readily available tools.

Sponsored Links

Jon Fingas
August 26th, 2021
ARLINGTON, VA - AUGUST 18:  People walk past the front of a T-Mobile retail store on August 18, 2021 in Arlington, Virginia. T-Mobile announced Wednesday that a data breach exposed the personal information of 7.8 million current customers and 40 million people who had applied for credit. (Photo by Chip Somodevilla/Getty Images)
Chip Somodevilla/Getty Images

The T-Mobile customer data breach might not have been a sophisticated data breach — in fact, it might have been relatively trivial. The hacker claiming to be responsible for the attack, John Binns, told the The Wall Street Journal in a discussion that T-Mobile's security was "awful." Binns reportedly broke through by using a readily available tool to find an exposed router, and took a week to delve through customer data stored in a data center near East Wenatchee, Washington.

Binns, who provided apparent evidence to back up his claims of involvement, said he breached T-Mobile and stole the data to create "noise" that drew attention to him. He came forward to highlight his claims he had been kidnapped in Germany and placed into a fake mental hospital. There wasn't any evidence to support that allegation.

T-Mobile declined to comment on Binns' claims in response to the Journal. It previously stated that it was "confident" it had closed the security holes used in the breach, which compromised sensitive info for more than 54 million active and former customers.

The incident is the third breach in two years, and suggests that T-Mobile is still struggling to offer security that matches its rapidly growing customer base. It only hired a new security leader earlier in 2021, for instance. If Binns' claims are accurate, though, the ease of the attack is also frightening — it only took a casual hack to put tens of millions of people at risk of fraud and other data crimes. The company may need to scramble if it's going to reassure customers that breaches will be rare going forward.

Verizon was Engadget's parent company between June 2015 and September 2021.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget