T-Mobile hack affecting 50 million customers illustrates the importance of finding the weakest links in your attack surface

T-Mobile hack affecting 50 million customers illustrates the importance of finding the weakest links in your attack surface

In yet another consequential cyberattack, T-Mobile, one of the largest telecommunication companies in the United States, is the latest victim.

Last month it was revealed that John Binns, a 21-year-old US Citizen who now resides in Turkey, successfully gained access to the sensitive data of over 50 million T-Mobile customers. He listed the database for sale on an underground hacking forum with an asking price of six bitcoin (approximately $280,000 USD).

Information such as names, addresses, social security numbers, and driver's licenses was accessed in the attack. T-Mobile stated that financial and payment information was not compromised.

Binns claims he gained access to T-Mobile's network via an insecure router in July. He had been searching for weaknesses in their attack surface and was able to gain access to over 100 servers, including production, staging, and development servers, at a data center in the state of Washington.  

He then used brute force attacks and other methods to make his way into other IT servers including an Oracle database server that contained customer information. Within a week he had compiled millions of records. T-Mobile has since remediated the compromised servers.

In the aftermath of the breach, T-Mobile faces a host of unanticipated challenges that will impact their business roadmap moving forward. First on their priority list is ensuring that the affected customers stay protected by supplying them with services like McAfee’s ID Theft Protection. T-Mobile also stated that they will aim to enhance their approach to cybersecurity, which will involve substantial investments in security partners and solutions. While these are important first steps, T-Mobile has a long road ahead to regain customer trust and repair reputation damage.

This breach is another unfortunate example of the need for businesses to constantly be on the lookout for the weakest links in their attack surface. Your weakest links are your most attractive assets in the eyes of an attacker because they put up the least resistance and present the easiest opportunity to get inside your business. Once an attacker finds their “in”, they’re going to capitalize on it, using that entry point to move laterally through the network, as they did in the T-Mobile hack.

So, the lesson here is that you can’t just protect your crown jewels. You must pay close attention to all of the assets you expose to the internet because even things like simple misconfigurations on secondary assets can open the doorways that you want to keep tightly locked.

TrustedSite’s all-in-one platform gives organizations the “attacker’s lens” to identify assets that have the greatest risk of being compromised.

Beginning with Attack Surface Discovery, businesses can find and create an inventory of every associated asset and identify weaknesses that could lead to an attack. Services like Firewall Monitoring and Website Monitoring help to ensure that if anything changes or something unusual pops up, you’ll get alerted instantly. And with Server and Application Scanning services, you can uncover OWASP Top 10 risks like SQL injection and cross-site scripting, as well as tens of thousands of common vulnerabilities and exposures (CVEs).  

See how TrustedSite can help you secure your attack surface and prevent a major data breach with a 7-day free trial.