T-Mobile, one of the largest phone carriers in the U.S., tried to pay the hackers to get back its customer data leaked in a previous breach. The move backfired and they lost $200,000 in the process. Hackers continued to sell the data even after receiving the ransom from a third party allegedly representing T-Mobile.
The Department of Justice arrested Diogo Santos Coelho, who seems to be the administrator of the website that sells stolen data.
The T-Mobile Data Leak
The T-Mobile data leak happened back in 2021, when hackers stole the data of over 100 million customers. The hackers took to a data auction site called RaidForums to sell the compromised information. They offered the data in exchange for 6 Bitcoins, which translates to roughly $270,000. T-Mobile became aware of the matter after hearing reports that such data was available for purchase on underground forums.
Motherboard established a connection with the seller and verified the authenticity of the seller’s claims about the T-Mobile data leak. They found that the data indeed belonged to T-Mobile users. It contained security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver’s license information.
Later, T-Mobile confirmed that hackers managed to gain access to their servers. The company gave assurances that the entry point was patched and the intruders were kicked out.
How did T-Mobile lose $200,000?
T-Mobile hired a third-party cybersecurity firm called Mandiant to look into the matter. Apparently, the third party tried to pay the hackers for exclusive access to the leaked customer data and to stop further sales of it. After the transaction happened, the hackers continued to sell the data on the forum.
Thus, the ingenious plan by the third party to fix the T-Mobile data leak failed spectacularly. However, it is unclear if T-Mobile gave clearance and money to buy the data back, or if the third party made this decision on its own.
T-Mobile CEO Mike Sievert explained the T-Mobile data leak a few months back. He said, “Through our investigation into this incident, which has been supported by world-class security experts Mandiant from the very beginning, we now know how this bad actor illegally gained entry to our servers and we have closed those access points. We are confident that there is no ongoing risk to customer data from this breach.”
It’s clear from the statement that T-Mobile hired Mandiant to do a risk assessment and analyze the hack. However, it is a mystery whether Mandiant tried to buy back the data on behalf of T-Mobile.