T-Mobile customers may want to brace for some bad news.
The mobile service provider is investigating a reported data breach that may have exposed the private info of more than 100 million people. The would-be perpetrator is apparently trying to sell off a portion of the data, Vice noted in a Sunday report.
The site spoke with the anonymous author of a forum post offering up roughly one-third of the T-Mobile USA customer data in exchange for 6 bitcoins (worth a bit less than $280,000 as of Aug. 15). While it could all be BS, Vice was able to look at samples of the data and confirm that the seller has “accurate information on T-Mobile customers.”
The stolen data, which was reportedly obtained from multiple T-Mobile servers, is filled with identifying information, including names, addresses, and phone numbers; social security numbers; IMEI numbers, which are unique to each mobile device; and driver’s license info. It’s not clear if this data is available for every person exposed in the breach, but the seller did confirm to Vice that their access to T-Mobile’s servers has been cut off.
T-Mobile hasn’t yet responded to Mashable’s request for comment, but the company did tell Vice that it’s “aware of claims made in an underground forum” and is now “actively investigating their validity.”
On the one hand, it’s entirely possible that the seller is misrepresenting the scope of the breach and/or the contents of the information they claim to be selling. T-Mobile likely isn’t going to say anything until there’s a clearer sense of the risks its customers are actually facing. Vice reviewed some of the data and confirmed its authenticity, but who’s to say the seller isn’t pulling a fast one with, say, previously leaked data?
That said, waiting on a giant company to be transparent in situations like this isn’t always the best idea. T-Mobile’s first priority is to its bottom line and the people who own shares in the company. If you are (or even just were) a T-Mobile customer, it might be a good idea to watch for suspicious activity on your accounts until there’s more clarity.