Security researchers have discovered a dark web seller offering 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The vendor advertises the collection as a subset of the purported 100 million records contained in stolen databases. The records are being offered for just one penny each, while the remainder of the records are being sold privately. The seller claims to have conducted the attack on US infrastructure out of retaliation. The seller stated that the breach was conducted to make a statement against the US for the kidnapping and torture of John Erin Binns.
John Erin Binns is a US citizen who lives in Turkey and claims to have been kidnapped and tortured in Germany by CIA and Turkish intelligence agents in 2019. Binns sued the FBI, CIA, and DoJ in 2020, seeking compensation for the harassment and aiming to compel the US to release documents regarding the harassment under the Freedom of Information Act. The seller does no specifically mention T-Mobile, however, they told news outlets that the information came from the telecommunication giant’s servers. As proof of the validity of the records, the threat actor sent BleepingComputer a screenshot of an SSh connection to a production server running Oracle.
Read More: 100m T-Mobile Customer Records Purportedly Up for Sale