Security News > 2021 > August > T-Mobile US probes claims of 100m stolen customer records up for sale on dark web
T-Mobile US is investigating claims that highly sensitive personal data of 100 million customers has been stolen and peddled via the dark web.
The seller said it's likely T-Mobile US is up to speed on the security breach because a backdoor used to exfiltrate this data from the telco's servers had been closed.
Volodymyr "Bob" Diachenko, an expert in scouring the internet for data-leaking systems, today said he found in mid-July a non-protected, publicly-facing database containing 1.9 million records belonging to the FBI-run Terrorist Screening Center.
The records apparently included people's names, citizenship, passport numbers, and their no-fly status.
Amazon will monitor the keyboard and mouse movements of its support desk workers to catch miscreants misusing or pilfering customer data, it was reported last week.
In an advisory on Thursday, Drupal described a "Moderately critical" flaw in the third-party WYSIWYG editor CKEditor, which, if enabled on your Drupal system, can be exploited via "One or more Cross-Site Scripting vulnerabilities" to potentially perform actions as a logged-in user or administrator.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/16/in_brief_security/
Related news
- T-Mobile US fined $31.5M for network security breaches between 2021 and 2023 (source)
- Tor insists its network is safe after German cops convict CSAM dark-web admin (source)
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- T-Mobile pays $31.5 million FCC settlement over 4 data breaches (source)
- Dutch police arrest admin of 'Bohemia/Cannabia' dark web market (source)
- Dutch cops reveal takedown of 'world's largest dark web market' (source)
- Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)