Some of the data, around 30 million Social Security and driver’s license numbers, has been put up for sale on a well-known forum for trading stolen data. The price is six bitcoins, or around $286,000. The person who is claiming to have breached T-Mobile says he is part of an international group that had access to the company’s systems for two to three weeks until Saturday. The individual claims that T-Mobile left a Gateway GPRS Support Node, or GGSN, that was apparently used for testing, exposed to the internet. GGSNs are part of the core infrastructure that connect mobile devices to the internet. “From there, we pivoted through several different IP addresses and eventually got access to their production servers,” the person says in an instant message. Eventually, the individual accessed more than 100 servers by brute forcing and using credential stuffing on internal T-Mobile servers, most of which were Oracle databases. None had rate limiting enabled.
TALLAHASSEE, FL – Advanced Manufacturing International (AMI) has been awarded a $2M grant