T-Mobile website bug let hackers steal data with a phone number

19:03, 11 October 2017. Source: Engadget


Up until last week, a T-Mobile website had a serious security hole that let hackers access users' email addresses, accounts and a phone's IMSI network code, according to a report from Motherboard. Attackers only needed your phone number to obtain the information, which could be used in social engineering attacks to commandeer your line, or worse.

The security researcher who discovered the hole, Karan Saini from startup Secure7, notes that anyone could have run a script to scrape the data of all 76 million T-Mobile users and create a searchable database. "That would effectively be classified as a very critical data breach, making every T-mobile cell phone owner a victim," he told Motherboard.


T-Mobile said in a statement that "we were alerted to an issue that we investigated and fully resolved in less than 24 hours. There is no indication that it was shared more broadly." Saini notes that T-Mobile offered him a $1,000 reward as part of its bug bounty program.


However, an anonymous hacker disputes T-Mobile's claim that the bug wasn't shared broadly, telling Motherboard that "a bunch of SIM swapping kids had [the hack] and used it for quite a while." They could have exploited the data to "socially engineer," or basically con, T-Mobile technicians into handing over replacement SIMs by pretending they're the owners of the line. Motherboard also discovered a YouTube video dated August 6th that describes exactly how to execute the hack.


In fact, this is exactly what happened to TechCrunch writer John Biggs on August 22nd. After impersonating him and obtaining a replacement for his T-Mobile SIM, a hacker was able to quickly change his Gmail, Facebook, and other passwords, even though they were protected by two-factor SMS authentication.

It's impossible to say whether the security hole helped the hackers swindle hapless T-Mobile tech support employees into sending them replacement SIMs, but it certainly appears plausible. (Tech support folks are supposed to require security question responses, invoices and other information, but often hand over SIMs to smooth-talking hackers without it.) We've reached out to T-Mobile and the FCC to find out if there was an uptick in such attacks over the last few months.

Motherboard
