Before T-Mobile was probably even aware of its latest (and unfortunately, greatest ever) security breach, a treasure trove of data purportedly swiped from as many as 100 million people went up for sale online
While there's no indication anyone actually ended up buying said illegally obtained information, the man (or should we say boy?) behind the cyber-attack since confirmed to have violated the privacy of at least 53 million current, past, and prospective T-Mo customers
remains committed to damaging the "Un-carrier's" public image.
The hack was not as complicated as you might think
Look, everyone is vulnerable in the face of a sophisticated enough "bad actor" or hacking group. Wireless service providers, social media giants
, search giants
, federal governments, eve-ry-one.
But although that's a simple 21st century fact we all need to learn to accept and live with, what may not be so easy to swallow for the 53 million+ aforementioned people is hearing a 21-year-old describe just how effortlessly he was able to hit the jackpot.
Born in the US and raised in Northern Virginia by his Turkish mother, John Binns (which, believe it or not, is not a fake name) reached out to the Wall Street Journal
to, well, get some attention after discovering an "unprotected router exposed on the internet" just last month.
Incredibly enough, the discovery was made with the help of a "simple tool available to the public", relatively quickly leading to the unauthorized access of more than 100 servers containing all the information that's now compromised for good.
We're talking everything from phone numbers to IMEI and IMSI data, as well as customer names, birth dates, Social Security numbers, addresses, and driver's license/ID information, which was all stored together for some reason for current, former, and even just "prospective" T-Mobile
With all of that in mind, it's easy to understand why the aspiring hacker who single-handedly managed to penetrate all of Magenta's protections in the space of a few weeks views the company's security as an embarrassment.
Even more people than previously reported were impacted
The good news is that T-Mo still has no reason to believe any sort of financial, credit card, debit, or other payment information pertaining to personal or business accounts has been compromised, although as the ongoing investigation progresses, that could obviously change at any time.
The bad news is the types of impacted business information are sensitive enough to cause some serious damage, including everything from business names to federal tax IDs, addresses, contact names, and business phone numbers, not to mention personal data ranging from names to drivers' licenses, government identification numbers, SSNs, birth dates, addresses, phone numbers, and last but not least, IMEI and IMSI numbers.
In short, this is bad, nay, "awful", and it's only getting worse as more information comes to light. For what it's worth, T-Mobile is "confident" that the "bad actor's" access to its internal systems has been closed off, and oh, look, there's an Apple TV+ freebie
to distract you from this huge scandal.