Data Breaches Week of August 8th, 2021


T-Mobile sent me a text today regarding a data breach on my account.   In the text was a general statement for me to protect my account.  Personally I would like to keep this account if possible. 
That said I'm guessing it was an internal job done by a disgruntled employee as probably a few of the data breaches I have seen this past year.
T-Mobile data breach: More than 50 million people now affected
The company is reportedly now facing a class-action lawsuit, according to papers filed in a Washington court and seen by Vice.
The fallout from T-Mobile's latest data breach is going from bad to worse. In an update issued Friday, the mobile carrier reported that hackers had illegally accessed one or more associated customer names, addresses, dates of birth, phone numbers, IMEIs and IMSIs of 5.3 million current postpaid customers. T-Mobile also said it had identified an additional 667,000 accounts of former customers that were accessed, with customer names, phone numbers, addresses and dates of birth compromised.
I am guessing that Capital One did not fix their security from the last data breach they had.
Our Capital One cards were both breached with illicit charges on two Capital One cards this past week.  Charges occurred on same dates.  Guessing that Capital One is having an issue.  Cards are not used much.  (maybe one charge in the last couple of months on one of two cards).  Personally cancelling this account as soon as possible after multiple phone calls to prove who we were talking to folks with a less than stellar command of the English language.
Updated 11:26 AM ET, Wed June 30, 2021
New York (CNN Business) The US Justice Department has filed additional charges against the hacker accused of illegally accessing more than 100 million Capital One customers' accounts and credit card applications in 2019.
Paige Thompson, a former Amazon engineer, now faces six counts of computer fraud and abuse, one count of access device fraud and one count of aggravated identity theft in addition to the original two charges. The superseding indictment also lists four additional victims of Thompson's hacking. She could serve up to 20 years in prison.
In 2019, Thompson allegedly gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to people's names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice. The hack marked one of the largest data breaches in history.
Following the incident, Capital One entered into consent orders with the Fed and the Office of the Comptroller of Currency. The Fed then filed a cease and desist order, laying out steps the bank needed to take to improve its security, while the Office of the Comptroller of Currency filed an $80 million civil penalty against the bank.
In addition to accessing data, the Justice Department also alleges that Thompson shared details of the hack online.
The Department of Justice said Thompson posted about the tools she used to hack Capital One on GitHub, a software development site where programmers can post projects, using her full first, middle and last names.
The complaint also includes screenshots of a Slack channel in which Thompson, under the alleged alias "erratic," posted a list of Capital One files she claimed to possess and explained how she extracted the files.
The agency also alleges that Thompson made statements on other social media platforms about possessing Capital One data, listing a Twitter handle that allegedly belonged to Thompson, @0xa3a97b6c in the complaint. The account has since been suspended.
"Ive basically strapped myself with a bomb vest, f—ing dropping Capital One's dox and admitting it," Thompson allegedly wrote in a private message via Twitter.
Thompson's private Twitter messages also included references to distributing the names, Social Security numbers and dates of birth for the customers whose records she breached, according to the Justice Department.
Thompson's trial, which has been postponed several times for further discovery and because of the pandemic, is now set for March 14, 2022.
I was a T-Mobile customer as well and no email here.  This was the third T-Mobile data breach in a short period of time.  Inside job or not makes no difference to me. Millions of people that had their data breached (and we're talking Social Security Numbers, Driver License Numbers, addresses and usernames) were not even T-Mobile customers. They may have been past customers or ones who weren't approved. Why was this data in their system in the first place?
I said I WAS a T-Mobile subscriber, but as of today, I am not, and will NEVER be again. On AT&T and MUCH better coverage. 
Google is one of the worst for suddenly having your documented password not work suddenly. Then when you ask to reset your password they suddenly need to know what colour toilet paper you use and the name of your mother's uncle's dog or you are locked out of your account.
My bank tried this on me a few times, saying that my card was used in a known card hacker store. I could see through their BS because I only ever used that card at one store that refused to accept any credit cards, and the bank machine inside my physical bank's kiosk machine. When asked if an employee was caught hacking, they clammed up and repeatedly replied "We didn't say that".
This seems to be a product of the KYC laws. Each time we supply more personal information the hackers eventually get that also. Now we have to keep a log of family history in our back pockets. It can't be on our cell phones or they will gain access to that too. :)
This is the text message I received from T-Mobile.
T-Mobile has determined that unauthorized access to some of your information, or others on your account, has occurred, like name, address, phone number and DOB. Importantly, we have NO information that indicates your SSN, personal financial or payment information, credit/debit card information, account numbers, or account passwords were accessed. We take the protection of our customers seriously. Learn more about practices that keep your account secure and general recommendations for protecting yourself:
I switched over to T-Mobile a few years (~10 years ago maybe) back after I got slammed by AT&T relating to my grandfathered account from the 1990's.  Recalling now that a letter was circulated to Best Buy employees to kill all grandfathered AT&T accounts.  This was strike #2 against AT&T. 
In the early 2000's had to use a modem for about two weeks to connect to work before getting Internet access.  AT&T charged me data charges on that next bill around $300-$400.  I switched to Sprint copper services after telling AT&T off.
AT&T strike #3 was when they purchased DirectTV and slammed my grandfathered DTV account.  I have welcomed the news that they have spun off Direct TV.
So AT&T will always be on my S list and nothing will ever change that.
The T-Mobile account was a no contract deal of $25 per SIM for 5 SIM cards with unlimited voice and data at the time around 8-10 years ago.  I have never logged in on line and do not recall ever giving any personal financial or payment information or credit card information.  I also wanted to make sure that I received a paper bill which I still get today.
Another data breach....
AT&T denies data breach after hacker auctions 70 million user database
August 20, 2021 09:43 AM 
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. 
The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.
From the samples shared by the threat actor, the database contains customers' names, addresses, phone numbers, Social Security numbers, and date of birth.
A security researcher who wishes to remain anonymous told BleepingComputer that two of the four people in the samples were confirmed to have accounts on
Other than these few details, not much is known about the database, how it was acquired, and whether it is authentic.
However, ShinyHunters is a well-known threat actor with a long history of compromising websites and developer repositories to steal credentials or API keys. This authentication is then used to steal databases, which they then sell directly to other threat actors or utilize a middle-man data breach seller.
In many cases, when a database is not sold, ShinyHunters will release it for free on hacker forums.
In the past, ShinyHunters has breached numerous companies, including Wattpad, Tokopedia, Microsoft's GitHub account, BigBasket, Nitro PDF, Pixlr, TeeSpring,, Mathway, and many more.
AT&T denies suffering a breach
After learning of the threat actor's claims, BleepingComputer reached out to AT&T to see if the data belonged to them.
In multiple emails, AT&T has told BleepingComputer that the data is not from their systems and has not recently been breached.
"Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems." - AT&T.
When asked whether the data may have come from a third-party partner, AT&T chose not to speculate.
"Given this information did not come from us, we can't speculate on where it came from or whether it is valid," AT&T told us in a follow-up email.
ShinyHunters has told BleepingComputer that they are not surprised that AT&T denies the breach and continues to state that it comes from them.
"I don't care if they don't admit. I'm just selling," ShinyHunters told BleepingComputer.
While ShinyHunters states that they did not contact AT&T, they said they are willing to "negotiate" with the company.
When we asked the threat actor for further information about the breach, ShinyHunters refused to provide any other details.
This news comes soon after a different threat actor tried to sell the stolen data of 100 million T-Mobile customers.
T-Mobile later confirmed they were hacked, and the cyberattack exposed the personal data of 48 million T-Mobile customers.
Sounds like a simple attempt at blackmail. Who would pay that kind of money for a file that may be blank or faked? The confirmed accounts could be the accounts of the fake file vendor, set up for verification of authenticity. Of course for that money the buyer would likely want some other random proof.