Hacker takes credit for 54 million T-Mobile data breach, calls security ‘awful’

The headquarters of T-Mobile USA in Bellevue, Washington.
(Image credit: VDB Photos/Shutterstock)

A hacker who claims to be behind last week's T-Mobile data breach that compromised 54 million people's personal data told The Wall Street Journal in a story published today (Aug. 26) that the company's "security is awful." 

John Binns, a 21-year-old American living in Turkey, his mother's homeland, told the newspaper that he found an unprotected T-Mobile router online in July, then used that to pivot on Aug. 4 into more than 100 servers containing personal data of current and former customers at a T-Mobile data center in central Washington state.

"I was panicking because I had access to something big," Binns told the Journal in a conversation on the Telegram encrypted-messaging platform.

The Journal said it verified Binns' identity with a series of personal questions, and said the Telegram account he used had provided details of the T-Mobile hack before they became publicly known. 

Binns would not tell the Journal whether he had sold any of the data he stole, or if he was paid to attack T-Mobile. 

This is T-Mobile's fifth or sixth data breach in the past three years, depending who's counting. With such a dismal track record, you might consider taking your business elsewhere if you value your private data.

At least 54 million people affected

The breach came to light Aug. 15 after a hacker offered to sell part of the data, pertaining to 30 million T-Mobile customers, for six bitcoin (about $280,000) in a cybercriminal forum. The Journal implied that the seller may not have been Binns.

More than 54 million current, former and even prospective T-Mobile customers were affected, most of whom had their full names, dates of birth, Social Security numbers and current or former addresses compromised. 

Those four bits of personal information are often all that's required to open an account in someone else's name, and the affected individuals are at serious risk of identity theft.

'Generating noise'

Binns told the Journal that he attacked T-Mobile with the purpose of "generating noise," but added that he had been persecuted by U.S. government agents while he was in Germany. Binns sued the CIA, the FBI and other federal agencies last year, the Journal said, and the case is still active.

When the data breach was initially revealed, the apparent hacker or hackers told an Israeli security researcher that the attack "was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019," according to Bleeping Computer

The Journal said Binns appeared to be one of many people involved in the Mirai botnet attack that knocked out internet access for most of the U.S. East Coast on Oct. 21, 2016.

T-Mobile is offering anyone affected by the breach two years of free identity-theft protection and credit monitoring. We recommend that any who's ever applied for a T-Mobile account take the company up on the offer, and also freeze their credit files if possible.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.