Security News > 2021 > August > T-Mobile’s Security Is ‘Awful,’ Says Purported Thief

T-Mobile’s Security Is ‘Awful,’ Says Purported Thief
2021-08-28 16:58

On Thursday, a 21-year-old US citizen claiming to be the attacker who stole data on more than 50 million T-Mobile customers called the telecom's security "Awful."

As of Aug. 18, T-Mobile had estimated the total number of ripped-off records to be ~40 million: a number that rose to ~50 million on Aug. 20 and could double if the purported thief is true to his word.

John Binns, as quoted by the WSJ. Cybersecurity experts have been nodding vigorously, albeit in more diplomatic terms than "Awful." The Journal spoke with Glenn Gerstell, a former general counsel for the National Security Agency, who said that the fact that the theft included records stolen from prospective clients or former, long-gone customers shows that somebody or somebodies at T-Mobile isn't practicing good data management hygiene: "That to me does not sound like good data management practices," he was quoted as saying.

Some security experts said that the move to pull in the security big guns is a good step, but T-Mobile's got a lot of gunk to scrape out, and it won't happen overnight.

Ian McShane, Field CTO of security firm Arctic Wolf and former Gartner analyst, told Threatpost that, given how many breaches T-Mobile has suffered over the last few years, he's already skeptical about the company's claims that the breach was a "Highly sophisticated" attack.

"Their IT asset management and patching of systems is poor. The combination of poor defenses and a lack of capable real-time detection and response is a recipe for this type of data theft disaster. Once a data rich company like T-Mobile experiences a breach, the flood-gates open to other attackers to find additional cracks. Reports are stating their security is a mess. It's a good step that they are bringing in reputable help to investigate and bolster defenses, but it's going to take T-Mobile years to fully get their security program on par with their responsibility to customers."


News URL

https://threatpost.com/t-mobile-security-awful-thief/169011/