T-Mobile US investigates allegations of 100 million stolen customer records for sale on the dark web • The Register


In short T-Mobile US is investigating allegations that the highly sensitive personal data of 100 million customers has been stolen and peddled via the dark web.

Everything an identity thief needs is on offer: information such as names, addresses, social security numbers, driver’s license information and IMEI numbers. 30 million of those disks went up for sale on an underground forum with the asking price of six Bitcoins, valued at around $ 280,000, Vice reported over the weekend. The rest is sold privately, we are told.

The seller said it was likely that T-Mobile US would be aware of the security breach because a backdoor used to exfiltrate this data from the phone company’s servers had been closed. It would not affect the sale, they said.

“We are aware of the allegations made in an underground forum and have actively investigated their validity,” T-Mobile US said. The register in a statement Monday.

“Unfortunately, we have no additional information to share at this time.”

Shortly after this article was published, the telecom giant shared with us some of this additional information:

“Once we have a more complete and verified understanding of what happened, we will proactively communicate with our customers and other stakeholders,” he added.

Volodymyr “Bob” Diachenko, an expert in internet research on data leakage systems, said today that in mid-July he found an unprotected and publicly accessible database containing 1.9 million records belonging to to the FBI. Terrorist Screening Center.

This organization maintains the United States no-fly list, which is part of a larger terrorist watch list. The files apparently included the names of the people, their citizenship, passport numbers and no-fly status. The exposed silo was removed in August after Homeland Security was informed, Diachenko said.

Signal improves automatic suppression

The Signal end-to-end encrypted chat app announced changes last week that should make monitoring a bit more difficult. “Words once spoken transiently are now – more often than not – data stored forever,” he said with words in a blog post.

Specifically, Signal has an option to automatically delete messages on the sender’s and recipient’s devices, session by session. As such, people may forget to use it or not care. Now, automatic deletion can be enabled by default in all chat sessions. A countdown to deletion can be set from one minute to four weeks, although Signal warns that the system is not perfect; conversations and images can still be captured.

A few bits and bytes …

  • FordPega’s website was running a vulnerable installation of the Pega CMS that could have been exploited to siphon employee information, authentication tokens, and other sensitive internal data. The flaw, CVE-2021-27653, has been patched by Pega and Ford’s website has been updated, although researchers who found the hole were not thrilled with what they said was the lack of communication from the car manufacturer.
  • Amazon will monitor the keyboard and mouse movements of its help desk workers to catch criminals who misuse or steal customer data, it was reported last week.
  • Apple issued another document outlining how its controversial system of tracing child pornography will be protected from abuse.
  • Facebook On Friday, he said it was “rolling out the option to make end-to-end encrypted voice and video calls on Messenger, along with updated controls for missing messages.”
  • Declan Harrington, 21, admitted last week that he hijacked victims’ social media accounts and stole hundreds of thousands of dollars in cryptocurrency via SIM card exchange attacks. His accomplice, Eric Meiggs, pleaded guilty in April.

Drupal resolves “moderately critical” flaws

In an advisory published Thursday, Drupal described a “moderately critical” vulnerability in the third-party WYSIWYG editor CKEditor, which, if enabled on your Drupal system, can be exploited through “one or more cross-site scripting (XSS) vulnerabilities” to potentially perform actions as a logged in user or administrator.

CKEditor corrected its flaws; Drupal 9.2 users should update to Drupal 9.2.4; 9.1 to 9.1.12; and 8.9 to 8.9.18. ®

Source link


Leave A Reply