T-Mobile has acknowledged the breach, which occurred before police arrested some of the Lapsus$ members last month.
The infamous Lapsus$ hacking group managed to steal T-Mobile’s source code in March 2022, days before the group’s prolific members were arrested that same month.
Lapsus$ is a notorious group of teen hackers that mainly hunts for the source code of high-profile and large tech firms. Some of its previous successful attacks targeted Samsung, Microsoft, Nvidia, Okta, and Ubisoft.
In its latest breach against T-Mobile, the Lapsus$ group reportedly downloaded over 30,000 source code repositories of the carrier in March 2022.
How Did the Attack Occur?
Speaking to Brian Krebs, T-Mobile stated that their monitoring tools detected an unauthorized individual trying to access its internal systems using stolen credentials. Reportedly, Lapsus$ hackers managed to buy stolen T-Mobile credentials from dedicated marketplaces like Russian Market and several others.
According to the telecom giant, the hackers used the carrier’s employees’ credentials and internal devices such as its CMS or Atlas systems that could be used to conduct SIM swap attacks.
It is worth noting that Atlas is a powerful internal T-Mobile tool for managing customer accounts. Lapsus$ used the tool to look up accounts associated with the FBI and Department of Defense. However, they weren’t successful because of additional verification measures required to access these accounts.
T-Mobile confirmed that the systems Lapsus$ hackers accessed didn’t contain customer data, government information, or other sensitive information. In a statement to The Verge, T-Mobile said:
“Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software. Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.”
T-Mobile
What is SIM Swapping?
SIM swapping is also known as SIM hijacking. It is a kind of identity theft in which an attacker fraudulently obtains a new SIM card for a phone number and uses it for personal gain, without the knowledge or consent of the number’s original user.
To get the duplicate SIM card, the attacker usually calls the telecom firm and convinces its customer support service that they are the actual owner of the phone number by providing the target’s personal information. The telecom firm then ports the phone number to a new SIM card that is received by the attacker.
It is due to SIM Swapping attacks that users including celebrities and top executives have lost millions of dollars to cybercriminals in the last few years.
It rains data breaches at T-Mobile
It is worth noting that T-Mobile has more than 104 million subscribers, yet its security measures are highly dubious. In 2021 alone, the company suffered two successful data breaches in which data belonging to millions of its customers was stolen and sold on hacking forums.
The hacker who claimed responsibility for one of the attacks called the carrier’s security “awful.” From 2015 to 2021, T-Mobile has made headlines for several other security-related incidents including exposure of customers’ data, a security vulnerability that allowed mass hijacking of customers’ accounts,
In December 2021, the telecom giant was in the news again after it announced yet another data breach that exposed users to SIM swapping attacks. The list goes on…