T-Mobile Breach: Who’s behind it and what YOU can do to protect yourself

Key Takeaways

  • T-Mobile was hacked a couple of weeks ago, exposing the sensitive information of more than 50 million customers

  • John Binns, a U.S. citizen living in Turkey, took credit for the attack and says that he did it to draw attention to a lawsuit he has against the CIA, FBI, and Department of Justice for allegedly torturing him

  • Victims of the breach can check for their information on the dark web, freeze their credit, strengthen their other passwords, and sign up for identity theft protection services to defend themselves after a breach

What happened?

T-Mobile, one of the biggest telecommunications companies in the US, was hacked nearly two weeks ago, exposing the sensitive information of more than 50 million current, former and prospective customers.

Names, addresses, social security numbers, driver's licenses and ID information for about 48 million people were accessed in the hack, which initially came to light on August 16. The company is sharing updates on the scope and investigation of the attack. 

T-Mobile says there's no indication any consumer financial data, such as credit card or other payment information, was compromised. Vice has reported that T-Mobile is now facing a class action lawsuit for the data breach, based on papers filed in a Washington court. 

T-Mobile CEO Mike Sievert apologized for the hack and said the company had hired Mandiant, a cybersecurity company, and KPMG, a consultancy, to improve its cyber defenses. "To say we are disappointed and frustrated that this happened is an understatement," Sievert wrote in a statement, adding that keeping customer data safe is a "top priority." The breach is the third major customer data leak that T-Mobile has disclosed in the past two years.

Who is behind the attack?

Usually with cyberattacks, figuring out who did it can be tricky. In this case, the main culprit behind the attack came forward almost immediately in an interview with the Wall Street Journal. John Binns, a 21-year-old American, claimed responsibility for the hack; the Journal reported that it remains unclear whether Binns was working alone or with others. Binns, who was born in Virginia but now lives in Izmir, Turkey, said he conducted the attack from his home. 

Through Telegram, Binns provided the Wall Street Journal with details about the hack that were not yet publicly known, proving he was behind the T-Mobile attack. Binns told reporters that he originally gained access to T-Mobile's network through an unprotected router in July. From there, Binns told Bleeping Computer that he was able to gain access to "production, staging, and development servers two weeks ago." He hacked into an Oracle database server that had customer data inside. For more proof, Binns shared with Bleeping Computer a screenshot of his SSH connection to a production server running Oracle.

T-Mobile eventually managed to kick him out of the breached servers, but not before copies of the data had already been made. Binns did not try to ransom T-Mobile because he already had buyers for the data online. On an underground forum, Binns and others were found selling a sample of the data with 30 million social security numbers and driver's licenses for 6 Bitcoin ($290,000), according to Bleeping Computer.

Why did he do it?

What motivated Binns to commit this crime and then draw attention to himself? Binns told the Wall Street Journal that "Generating noise was the goal." The 21-year-old Virginia native told the Wall Street Journal that he has been targeted by US law enforcement agencies for his alleged involvement in the Satori botnet conspiracy.

He claims Turkish intelligence agents collaborating with the CIA abducted him in Germany and tortured him with neurotoxic gases. Binns filed a lawsuit in the United States District Court for the District of Columbia against the FBI, CIA and Justice Department in November, in which he said he was being investigated for various cybercrimes and for allegedly being part of the Islamic State militant group, a charge he denies.

"I have no reason to make up a fake kidnapping story and I'm hoping that someone within the FBI leaks information about that," he explained in his messages to the Wall Street Journal.

The lawsuit includes a variety of claims by Binns that the CIA broke into his homes and wiretapped his computers as part of a larger investigation into his alleged cybercrimes. Binns said he'd committed the hack to bring attention to his case. 

What YOU can do after a data breach

Once your data has been breached, you cannot get it back, but there are a few things you can do to minimize the damage. Here are 4 things you can do to protect yourself after a data breach:

  1. You can check if your password is on the dark web. As part of its password manager service, Google offers the free Password Checkup tool, which monitors the usernames and passwords you use and notifies you if those login credentials have been exposed. Note that this service is only available if you have a Google account. Also, websites like Have I Been Pwned will tell you if your phone or email has been breached.

  2. You can put a freeze on your credit. Doing so will prevent anyone with your information from opening a line of credit or taking out any loans under your name. Freezing your credit won't take long: You'll just need to fill out a form with Equifax, Experian and TransUnion (one from each company) to make the request.

  3. Strengthen your other passwords. Using a unique and strong password for every online account you own is an easy way to make sure a breach of one service doesn't lead to bad guys accessing more of your online accounts where you used the same password.

  4. Sign up for identity theft and account takeover protection. Fortunately, T-Mobile is offering two free years of McAfee’s ID Theft Protection Service to those affected by the latest breach.