A hacker has claimed responsibility for the T-Mobile data breach which exposed the data of nearly 50 million customers. He also criticized the company’s security while revealing his identity according to a report from The Wall Street Journal.
The individual who goes by the name John Binns made it known to WSJ that he was the one behind the massive cyberattack and even showed evidence to prove his involvement. In this case, he made it known that he could access accounts as well as detailing how he was able to conduct the hacking successfully.
In his details, Binns said he was able to get customers and even former customers’ details from T-Mobile by merely scanning for unprotected routers. He then found one which allowed him to access a Washington state data center that stored credentials for over 100 servers.
He continued by calling T-Mobile’s security “awful” and said he realizing how much data he had access to made him panic. According to the WSJ, it’s unclear whether Binns was working alone, though he implied that he collaborated with others for at least part of the hack.
Binns was able to gain access to sensitive personal data such as names, birthdates, and social security numbers as well as other important cellular data like identification numbers for cellphones and SIM cards.
T-Mobile has said in a statement that it’s “confident” that it’s “closed off the access and egress points the bad actor used in the attack.”
The WSJ’s report goes in-depth into Binns’ history as a hacker. He claims that he got his start making cheats for popular video games and that he discovered the flaw that ended up being used in a botnet that attacked IoT devices (though he denies actually working on the code).
Binns filed a lawsuit back in 2020 where he demanded the CIA, FBI, DOJ, and other intelligence agencies tell him what information they have on him. In the lawsuit, he accused the government of even having an informant try to convince him to buy Stinger missiles on an FBI-owned website, attacking Binns with psychic and energy weapons, and even with being involved in his alleged kidnapping and torture.
An FBI response to his lawsuit denied he was being investigated by the bureau for the botnet or having information related to the alleged surveillance, and abduction, and torture.
In further details by The WSJ, Binns wanted to generate some noise with the hopes that someone in the FBI will leak information related to his alleged kidnapping.
Even though Binns will have to face some consequences for his actions despite coming out to shed more light about how T-Mobile handles its users’ data, this alone could present the giant carrier in a negative light in terms of its security practices.