vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Very cool, thanks for the shirt SpecterOps =D
T-Mobile has been breached (again). Data has been exfiltrated and it is being shared online (again).

This is T-Mobile's 8th breach since 2018.

This is the 3rd breach this year.

This breach is 90GB of exfiltrated employee PII.
This man did 1 pushup every time T-Mobile was Breached. Look at him now!
Hello, prepare yourself for another long post about the new T-Mobile breach and a mistake that we made.

Mistake: Employee PII was leaked, NOT customer PII. This is the 2nd time a T-Mobile breach has exposed T-Mobile employees.

We've had a large number of people asking how we knew about the T-Mobile breach and, as is tradition, we knew because the people responsible for it (leaking) notified us. However, it is already being discussed on forums. Unlike previous times we're given information prior to its "official" media announcement, we can do more than "trust me, bro".

The breach was performed by an individual named "Doubl". The information was leaked by an individual named "Emo".

Oh, and hi Emo :)

The T-Mobile breach occurred in April, 2023. Data from the breach was not shared until September 21, 2023 (today, as of this writing). This breach occurred shortly after the 2nd breach of this year, which occurred in March, 2023. We do not know why it took the Threat Actor(s) several months to leak the data, we can only speculate, so we will not =D

The leak was shared on the infamous BreachForum; information from the database is publicly available and is already being disseminated throughout Telegram and Discord.

The information from the leak is very large and we would not be able to sufficiently detail everything leaked in text because it is multiple databases. See attached image for a list of all data leaked.

Image 1. Data from the leak. It is censored to protect employees.

Image 2. List of database rows leaked
πŸ‘48πŸ’―6πŸ”₯4❀1🫑1
It's the year 2050, Neurolink is a mainstream success.

Nerds use Flipper Zero to make you poop your pants while sleeping
Poopy pants ransomware group (PP for short)
Today BleepingComputer reached out to T-Mobile regarding the allegations of them being compromised.

T-Mobile informed them that it was NOT T-Mobile corporate that was compromised, rather it was a T-Mobile franchise. This breach was disclosed in court May 10th, 2023. The data was not leaked until yesterday.

Luckily, this only impacted 17,835 past and current employees

https://www.jdsupra.com/legalnews/amtel-llc-dba-connectivity-source-3147197/
When the security analysts and network administrators detect unusual activity on the network
The T-Mobile ConnectivitySource retailer breach contains 146,109 audio recordings of customers calling stores. The retailer is present in 38 states.
We listened to over 500 recordings. Highlights include:

- Employee calls in sick on their first day on the job
- Someone got the job! (Congrats Ms. Sneed)
- Old people who are extremely confused and refer to cell phones as 'towers'.
- People who are not sure if they're even talking to T-Mobile (???)
- A woman telling the store her Dad's house burned down (and laughs about it?)
- A guy who did not get the job and asks why very, very, very aggressively
We're almost done with migration.

Thank god. Seriously. It took 2 Christmas miracles to get this thing where it is now.
vx-underground is a dangerous website. When visiting the website it is advised you wear a full hazmat suit. If that is not an option, a construction hard hat will suffice.

Thanks,
Hello,

We've had a few people reach out to us regarding Black Mass Volume I & II. Yes, the PDFs are intentionally left publicly available on the website. The e-book is free, the physical copies are available on Amazon.

Nobody leaked them on Discord.

Have a nice weekend :)
Today Bassterlord, a member of National Hazard Agency (a subgroup of Lockbit ransomware group), deleted his Twitter profile.

He requested that we note that it was not due to harassment or law enforcement.

He said they're very busy and now is not a good time to meme online 😂😂

He was spending too much time memeing and shit posting 😂😂😂
It's always important to practice computer hygiene. We recommend washing your computer daily with soap and warm water.

This can help prevent viruses and bacterial infections!
Because nerds keep asking us about the alleged Sony ransomware incident

tl;dr Threat Actors did not deploy ransomware, no corporate data was stolen, services not impacted. Data was exfiltrated from Jenkins, SVN, SonarQube, and Creator Cloud Development. They're extorting Sony
cl0p ransomware group has ransomed SickKids, one of the largest pediatric healthcare facilities in the world.

They've exfiltrated 13 years of data related to fertility, pregnancy, and healthcare information on children (including newborns).

https://techcrunch.com/2023/09/25/decade-of-newborn-child-registry-data-stolen-in-moveit-mass-hack/
Interesting side note: In 2022 this facility was ransomed by Lockbit ransomware group. Subsequently Lockbit ransomware group administrative staff apologized (for the first time) and gave the decryption key for free (for the first time).

Let's hope cl0p does the same.
πŸ‘71πŸ₯°8πŸ€”8πŸ‘6
vx-underground
cl0p ransomware group has ransomed SickKids, one of the largest pediatric healthcare facilities in the world. They've exfiltrated 13 years of data related to fertility, pregnancy, and healthcare information on children (including newborns). https://tech…
Hello, apologies - we believe this post lacks clarity.

They did not ransom* SickKids, as in deploy ransomware, we meant they're extorting SickKids because they exfiltrated sensitive data.

To the best of our knowledge no ransomware payload was deployed.