Hacker Claims T-Cell’s ‘Terrible’ Safety Gave Him Entry to 50 Million Accounts



Now living in Turkey, hacker John Binns shared with the Wall Street Journal how he hacked T-Mobile’s network and gained access to 50 million accounts in July. He did not use advanced tools or very complex methods to break T-Mobile’s security. Instead, the hacking job was made easy because the security of the mobile operator is lax, Binns claims.

Binns said he could access T-Mobile’s network via an unprotected router at the company’s data center near East Wenatchee, Washington. He discovered the vulnerable piece of hardware using a publicly available scanning tool, which he pointed to at T-Mobile’s known Internet addresses.

“I panicked because I had access to something big,” Binns told the Wall Street Journal. “Their safety is terrible.”

Binns is a well-known hacker who has perfected his craft online since 2017 using various online aliases. He shared the details of this T-Mobile hack with WSJ before the wireless operator publicly confirmed the intrusion.

Binns declined to confirm whether he was paid to complete the hack or sold the data he was given.

T-Mobile CEO Mike Sievert said he was “really sorry” for the intrusion that hit 50 million people.

“We did not live up to the expectations we have of ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event. ”

T-Mobile CEO Mike Sievert via AP

The company confirmed that the hack revealed names, social security numbers, driver’s license information and more. Over 40 million customers who applied for T-Mobile credit were affected by this breach. Also involved were 7.8 million current T-Mobile subscribers who pay monthly for their service.

T-Mobile has contacted the accounts that were compromised in connection with this breach. If you are not sure if your account was involved, you can contact T-Mobile Customer Service or log in to your account.

Those who were not affected should see a banner on their account page confirming that the hacker did not steal their account data.