A hacker, taking responsibility for breaking into T-Mobile’s systems, said the job hadn’t been difficult, The Wall Street Journal (WSJ) reported.
“I was panicking because I had access to something big,” John Binns, 21, told WSJ. “Their security is awful.”
Binns moved to Turkey a few years back and has confessed that he was behind the hack, according to the report. He communicated with WSJ via Telegram messages and had details about the hack before they had become commonly known.
Binns said he broke through the cellphone company’s defenses after discovering an unprotected router exposed through the internet, the report stated. He said he had been scanning the T-Mobile known internet addresses for weak spots, using a tool that was available to the public.
He said part of his goal was “generating noise” but didn’t say whether he had sold any of the stolen data, according to the report. He also didn’t add whether he had been paid to hack the mobile phone giant. Binns said he had been using the entry point of many users no longer with the company as a way to hack the company. Stored credentials there had let him access over 100 servers.
T-Mobile has confirmed that over 50 million customer records had been stolen and said the issues leading to the hack being possible had been fixed, the report stated.
In the wake of the hack, T-Mobile has been offering free McAfee identity protection services for two years. The company said “no phone numbers, account numbers, PINs, passwords or financial information were compromised in any of these files of customers or prospective customers.”
But the mobile phone carrier confirmed that there had been Social Security numbers, full names, birth dates and driver’s license details stolen in the hack.