A hacker who stole the data of 54 million T-Mobile customers has described the carrier’s security as “awful.”
John Binns, a 21-year-old American now living in Turkey, told the Wall Street Journal on Thursday that he was behind the breach.
Binns says he gained access to customer information by finding a publicly exposed router.
“I was panicking because I had access to something big,” he said. “Their security is awful.”
According to Binns, he scanned T‑Mobile’s infrastructure using publicly available tools. After discovering the exposed router, he used it as a foothold to reach a data center outside East Wenatchee, Washington. From there, stored credentials allowed him to move to more than 100 servers.
Security experts say the breach highlights failures across multiple layers of T‑Mobile’s defenses, which enabled the intruder to reach sensitive data with relative ease.
Researchers at Unit221B notified T‑Mobile that someone using the alias “IRDev” was attempting to sell customer records. Binns later demonstrated that he could access the accounts associated with that alias.
Binns offered an unusual motive for the attack: he said he wanted to “generate noise” to draw attention to what he describes as persecution by U.S. authorities, including an alleged incident in Germany where he claims to have been abducted and placed in a fake mental hospital.
He has been linked to other notable hacks through online profiles, and says going public was intended to challenge and expose the unverified claims he makes about U.S. officials.
“I have no reason to make up a fake kidnapping story and I’m hoping that someone within the FBI leaks information about that,” he wrote in a Telegram message.
T‑Mobile responded that it believes it has closed the vulnerable access points used in the intrusion and is offering two years of identity protection services to affected customers.
(Photo by Towfiqu barbhuiya on Unsplash)
Find out more about Digital Transformation Week North America, a virtual event on November 9–10, 2021, focused on advanced digital transformation strategies for a rapidly evolving “digital everything” world.