“Their security is horrible,” John Binns said of T-Mobile as he discussed the hacking of the personal data of 50 million users.
The 21-year-old US hacker who takes responsibility for infiltrating T-Mobile’s systems says the wireless company’s weak security helped him gain access to a trove of documents containing personal information of over 50 million people, the Wall Street Journal (WSJ) reported Thursday.
John Binns, who grew up in Virginia in the United States but now lives in Turkey, told the WSJ he was successful in breaking through T-Mobile’s defenses after discovering an exposed unprotected router. Binns has used multiple online aliases since 2017 and said he scanned T-Mobile internet addresses for vulnerabilities using a simple tool available to the general public.
“Their security is horrible,” said Binns, who communicated with the WSJ via Telegram messages from an account that discussed the details of the hack before they became widely known.
“I was panicking because I had access to something big,” he added.
Binns did not say if he sold data or if he was paid for the hack, the WSJ reported.
The August hack is the third major customer data breach that T-Mobile has made public in the past two years. According to the company, the latest attack stole an array of personal data from more than 54 million customers, including their names, social security numbers and dates of birth.
Many of the files reported stolen came from potential customers or former customers who switched to other carriers.
T-Mobile, which began notifying customers of the breach last week, also reminded its users to update passwords and personal identification number (PIN) codes.
The Washington-based company is the second-largest US mobile operator, with some 90 million mobile phones connected to its networks.
The Seattle office of the Federal Bureau of Investigation (FBI) is investigating the T-Mobile hack, a person familiar with the matter told the WSJ.
Binns also told the WSJ that it took him about a week to access the servers.
T-Mobile, which has confirmed that more than 50 million customer records were stolen, also said it fixed the security hole that allowed the breach. It began advising customers of the breach last week.
It remains unclear whether Binns worked alone. In his communications with the WSJ, he described a collaborative effort to crack T-Mobile’s internal databases.
Binns also told the WSJ he wanted to draw attention to his perceived persecution by the US government.
“Generating noise was a goal,” Binns said.
In his conversations with the WSJ, Binns described an alleged incident in which he says he was kidnapped in Germany and placed in a bogus mental hospital.
“I have no reason to make up a false kidnapping story and I hope someone within the FBI will disclose information about it,” he wrote to the WSJ.
Last year, Binns sued the Central Intelligence Agency, the FBI, and other federal agencies to urge them to respond to a federal records request he made for information about the FBI’s investigations into the botnet attacks.
The complaint is still active in the United States District Court for the District of Columbia.