Security News > 2021 > August > T-Mobile US probes claims of 100m stolen customer records up for sale on dark web

T-Mobile US is investigating claims that highly sensitive personal data of 100 million customers has been stolen and peddled via the dark web.

The seller said it's likely T-Mobile US is up to speed on the security breach because a backdoor used to exfiltrate this data from the telco's servers had been closed.

Volodymyr "Bob" Diachenko, an expert in scouring the internet for data-leaking systems, today said he found in mid-July a non-protected, publicly-facing database containing 1.9 million records belonging to the FBI-run Terrorist Screening Center.

The records apparently included people's names, citizenship, passport numbers, and their no-fly status.

Amazon will monitor the keyboard and mouse movements of its support desk workers to catch miscreants misusing or pilfering customer data, it was reported last week.

In an advisory on Thursday, Drupal described a "Moderately critical" flaw in the third-party WYSIWYG editor CKEditor, which, if enabled on your Drupal system, can be exploited via "One or more Cross-Site Scripting vulnerabilities" to potentially perform actions as a logged-in user or administrator.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/16/in_brief_security/