2018 T-Mobile Breach: What we know.

Sunday, August 26th, 2018: A hacker going by the psuedonym “Aleks” contacted DeHashed regarding the recent T-Mobile database breach.

The data, acquired on August 20th, 2018, includes the following tables:

{“statusCode”200″:,”body”:{“mobile”:””,”cn”:””,”tmbillingfirstname”:””,”tmbillinglastname”:””,”tmmlcusttype”:””,”tmregistrationstatus”:””,

“tmSIMSerial”:””,”tmSubscriberType”:””,””:””,”tmaccounttypesubtype”:””,”tmban”:””,”tmbillingzip”:””,”tmcontrolledplantype”:””,

“tmimsi”:””,”billCyclePeriod”:””,”operatorid”:””,”tmactivationdate”:””,”tmaccountstatus”:””,”tmBillCyclePeriodLastUpdate”:””,

“tmOperatorIdLastUpdate”:””,”tmSOCLastUpdate”:””,”tmICCID”:””,”sn”:”[null]”}}

From this raw entry, we can see the following data has been compromised:

Mobile Number, Full Billing Information, Sim Information, Subscription Information, Account Information, Phone Information, Device Information

The actual affected user count is 1,243,910.

This looks like it was a failure on the T-Mobiles side of operations, similar to the Panera Bread API Breach. This does not look like any information obtained from a database, rather information obtained from an API call. T-Mobiles current CEO Did not learn from the experian breach, making his apology and insight completely useless.

DeHashed has not obtained a copy of the database (yet), due to legal reasons. However, we will be working on aquiring the database legally and writing more in-depth analysis on what went wrong, and how T-Mobile failed to protect it’s end users.