1/7/2024 0 Comments T mobile security breach![]() Subscribe to our cybersecurity podcast, CYBER. The group alleged, without concrete evidence, this was done on behalf of Nvidia. After hacking group LAPSUS$ targeted Nvidia, the group claimed in a post on its Telegram channel that someone had hacked into a machine the group was using to store the stolen Nvidia data and then deployed ransomware. These companies can sometimes deploy controversial tactics, such as “hacking back,” where the firm will offensively strike back at the criminal hackers, perhaps by breaching their command and control or other servers to see what data was stolen, interfere with the hackers’ infrastructure, or try to glean information on who the hackers might be. Victim companies often hire incident response or threat intelligence firms after they have been hacked to discover how exactly they were breached and to take mitigation steps against any further exposure. In March Mandiant announced it was being acquired by Google. Mandiant did not immediately respond to a request for comment on whether it was the third-party that paid cybercriminals $200,000. We are confident that there is no ongoing risk to customer data from this breach.” But in a previous statement published in August, Mike Sievert, CEO of T-Mobile, said “Through our investigation into this incident, which has been supported by world-class security experts Mandiant from the very beginning, we now know how this bad actor illegally gained entry to our servers and we have closed those access points. The court documents do not name the third-party that bought the data, nor do they describe what sort of company it was. A day later, T-Mobile confirmed it had been breached. T-Mobile provided a statement at the time saying it was investigating the hack against its company. At the time Motherboard spoke to the person selling the data including SSNs and obtained samples of the data which confirmed the hacker had accurate information on T-Mobile customers. Motherboard first revealed news of the breach mentioned in the court document several days after the specific RaidForums threads mentioned. Image: Motherboard.Ĭompany 3, the unnamed telecommunications firm that hired this third-party, was T-Mobile, according to Motherboard’s review of the timeline and information included in the court records. ![]() The document says that “it appears the co-conspirators continued to attempt to sell the databases after the third-party’s purchase.”Ī screenshot of the court document. The purpose of the deletion would be that this undercover customer would be the only one with a copy of the stolen information, greatly limiting the chance of it leaking out further. That employee then purchased the entire database for around $150,000, with the caveat that SubVirt would delete their copy of the data, it adds. The document goes on to say that this company “hired a third-party to purchase exclusive access to the database to prevent it being sold to criminals.” An employee of this third party posed as a potential buyer and used the RaidForums’ administrator’s middleman service to buy a sample of the data for $50,000 in Bitcoin, the document reads. The document does not name the victim company, instead referring to it as Company 3, but says another post confirmed that the data belonging to “a major telecommunications company and wireless network operator that provides services in the United States. “On or about August 11, 2021, an individual using the moniker ‘SubVirt’ posted on the RaidForums website an offer to sell recently hacked data with the following title: ‘SELLING-124M-U-S-A-SSN-DOB-DL-database-freshly-breached.’” Later, Subvirt changed the thread title to “SELLING 30M SSN + DL + DOB database,” the document continues.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |