Security News > 2021 > August > T-Mobile US probes claims of 100m stolen customer records up for sale on dark web
T-Mobile US is investigating claims that highly sensitive personal data of 100 million customers has been stolen and peddled via the dark web.
The seller said it's likely T-Mobile US is up to speed on the security breach because a backdoor used to exfiltrate this data from the telco's servers had been closed.
Volodymyr "Bob" Diachenko, an expert in scouring the internet for data-leaking systems, today said he found in mid-July a non-protected, publicly-facing database containing 1.9 million records belonging to the FBI-run Terrorist Screening Center.
The records apparently included people's names, citizenship, passport numbers, and their no-fly status.
Amazon will monitor the keyboard and mouse movements of its support desk workers to catch miscreants misusing or pilfering customer data, it was reported last week.
In an advisory on Thursday, Drupal described a "Moderately critical" flaw in the third-party WYSIWYG editor CKEditor, which, if enabled on your Drupal system, can be exploited via "One or more Cross-Site Scripting vulnerabilities" to potentially perform actions as a logged-in user or administrator.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/16/in_brief_security/
Related news
- Massive AT&T, Verizon, and T-Mobile outage impacts US customers (source)
- Cutting kids off from the dark web – the solution can only ever be social (source)
- Massive AT&T outage impacts US mobile subscribers (source)
- Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (source)
- Ransomware as a Service and the Strange Economics of the Dark Web (source)