2018 T-Mobile Breach: What we know.
Sunday, August 26th, 2018: A hacker going by the psuedonym “Aleks” contacted DeHashed regarding the recent T-Mobile database breach.
The data, acquired on August 20th, 2018, includes the following tables:
{“statusCode”200″:,”body”:{“mobile”:””,”cn”:””,”tmbillingfirstname”:””,”tmbillinglastname”:””,”tmmlcusttype”:””,”tmregistrationstatus”:””,
“tmSIMSerial”:””,”tmSubscriberType”:””,””:””,”tmaccounttypesubtype”:””,”tmban”:””,”tmbillingzip”:””,”tmcontrolledplantype”:””,
“tmimsi”:””,”billCyclePeriod”:””,”operatorid”:””,”tmactivationdate”:””,”tmaccountstatus”:””,”tmBillCyclePeriodLastUpdate”:””,
“tmOperatorIdLastUpdate”:””,”tmSOCLastUpdate”:””,”tmICCID”:””,”sn”:”[null]”}}
From this raw entry, we can see the following data has been compromised:
Mobile Number, Full Billing Information, Sim Information, Subscription Information, Account Information, Phone Information, Device Information
The actual affected user count is 1,243,910.
This looks like it was a failure on the T-Mobiles side of operations, similar to the Panera Bread API Breach. This does not look like any information obtained from a database, rather information obtained from an API call. T-Mobiles current CEO Did not learn from the experian breach, making his apology and insight completely useless.
DeHashed has not obtained a copy of the database (yet), due to legal reasons. However, we will be working on aquiring the database legally and writing more in-depth analysis on what went wrong, and how T-Mobile failed to protect it’s end users.