By now everybody and their brother has shouted out that T-Mo got hacked. With all the noise about security of late, and the highly visible and embarrassing breaches of companies such as FireEye, one has to wonder how T-Mo could possibly have a vulnerability that would allow an eight- or nine-figure record data breach. But, to be fair, they are in good company.

The recent ransomware attack on Kaseya, a company that makes tech-management software, was said to have hit as many as 1,500 organizations, of which about 50 were what are called managed service providers (MSPs). Kaseya has about 40,000 customers using VSA, the tool that was the target of the attack. This is a bit of a different approach to ransomware. Normally, ransomware attacks take advantage of security loopholes such as common passwords without two-factor authentication. This one was much more sophisticated. It went after Kaseya VSA, a unified remote monitoring and management tool for handling networks and endpoints, through an authentication bypass vulnerability in the VSA web interface. It just so happens that the web interface contained two gaping flaws. Together they allowed the attackers to circumvent authentication controls, gain an authenticated session, upload a malicious payload and execute commands via SQL injection, achieving code execution on the server in the process.

And how was it done? By pushing a fake, malicious software update through Kaseya VSA, dubbed "Kaseya VSA Agent Hot-fix." Because the update went out through VSA itself, every endpoint the tool manages was exposed, so any company using it could have its files locked. The malicious update was already spreading before Kaseya even knew what was happening. The perpetrators are believed to be an affiliate of a top Russian-speaking ransomware gang known as REvil. They are also believed to be the same ones who hacked JBS's meatpacking plants last June.

Early rumors had it that the T-Mobile breach compromised the data of more than 100 million people. T-Mo claims the actual figure is closer to 40 million. The leaked data includes names, physical addresses, phone numbers, social security numbers, unique IMEI numbers and driver's license information, plenty to create an identity theft crisis. The validity of the data was confirmed by Vice Media's Motherboard, which says it has seen samples of the data and confirmed they contained accurate information on T-Mobile customers. The hacker is asking for six Bitcoin, worth roughly $276,000 at Bitcoin's current exchange rate. However, that price covers only a portion of the data, about 30 million people's worth. The rest is apparently being sold privately rather than being made publicly available.

However, what has me surprised (and I am a T-Mo customer) is that this is its fifth known breach in less than three years. The company previously disclosed breaches in 2018, 20, as well as in January of this year.
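The Kaseya chain described above leaves two footprints an operator can look for in a management server's own audit trail: an authenticated action performed by a session that never logged in (the authentication bypass), and one procedure suddenly pushed to most of the fleet in a few seconds (the fake "hot-fix" rollout). The script below is an added example written for this page, not Kaseya's code or log format; the log lines, event names (LOGIN_OK, API_CALL, PROC_RUN), session ids and agent names are all constructed for illustration, and the fleet size and 50% threshold are assumptions you would tune for your own environment.

```python
"""Two detections over a constructed management-server audit log.

1. Session provenance: any API_CALL or PROC_RUN whose session id has no
   earlier LOGIN_OK is suspicious (what an auth bypass looks like in logs).
2. Mass deployment: any procedure run on >= min_fraction of the fleet
   inside a short window (what a malicious "hot-fix" push looks like).

The log format, event names and sample data are invented for this example
and are NOT Kaseya VSA's real format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). One event per line:
# <timestamp> <EVENT> key=value key="quoted value" ...
SAMPLE_LOG = """\
2021-07-02T13:59:01Z LOGIN_OK sid=a1 user=ops-admin src=10.0.5.20
2021-07-02T14:00:02Z PROC_RUN sid=a1 proc="Weekly Patch Scan" agent=ep-001
2021-07-02T14:00:03Z PROC_RUN sid=a1 proc="Weekly Patch Scan" agent=ep-002
2021-07-02T14:05:10Z API_CALL sid=zz9 path=/api/files/upload src=198.51.100.7
2021-07-02T14:05:11Z API_CALL sid=zz9 path=/api/procedures/run src=198.51.100.7
2021-07-02T14:05:12Z PROC_RUN sid=zz9 proc="Kaseya VSA Agent Hot-fix" agent=ep-001
2021-07-02T14:05:12Z PROC_RUN sid=zz9 proc="Kaseya VSA Agent Hot-fix" agent=ep-002
2021-07-02T14:05:13Z PROC_RUN sid=zz9 proc="Kaseya VSA Agent Hot-fix" agent=ep-003
2021-07-02T14:05:13Z PROC_RUN sid=zz9 proc="Kaseya VSA Agent Hot-fix" agent=ep-004
2021-07-02T14:05:14Z PROC_RUN sid=zz9 proc="Kaseya VSA Agent Hot-fix" agent=ep-005
2021-07-02T14:05:14Z PROC_RUN sid=zz9 proc="Kaseya VSA Agent Hot-fix" agent=ep-006
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log(text):
    """Parse the constructed format into a list of dicts, preserving log order."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw) if raw else None
        if not m:
            continue
        ts, kind, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        fields["event"] = kind
        events.append(fields)
    return events


def sessions_without_login(events):
    """Session ids that act on the server before any LOGIN_OK for that id."""
    logged_in = set()
    suspicious = set()
    for ev in events:  # log order matters: a later login does not excuse earlier use
        sid = ev.get("sid")
        if ev["event"] == "LOGIN_OK":
            logged_in.add(sid)
        elif ev["event"] in ("API_CALL", "PROC_RUN") and sid not in logged_in:
            suspicious.add(sid)
    return suspicious


def mass_deployments(events, fleet_size, window=timedelta(minutes=10), min_fraction=0.5):
    """Procedures pushed to >= min_fraction of the fleet within `window`.

    Returns {procedure_name: peak distinct agents seen in any one window}.
    fleet_size is the number of managed endpoints (assumed known from inventory).
    """
    runs = defaultdict(list)
    for ev in events:
        if ev["event"] == "PROC_RUN":
            runs[ev["proc"]].append((ev["ts"], ev["agent"]))
    flagged = {}
    for proc, items in runs.items():
        items.sort(key=lambda x: x[0])
        peak = 0
        for i, (start, _) in enumerate(items):
            # distinct agents hit by this procedure in [start, start + window]
            agents = {a for t, a in items[i:] if t - start <= window}
            peak = max(peak, len(agents))
        if peak >= min_fraction * fleet_size:
            flagged[proc] = peak
    return flagged


def analyze(text, fleet_size):
    """Run both detections and return the findings as plain data."""
    events = parse_log(text)
    return {
        "sessions_without_login": sorted(sessions_without_login(events)),
        "mass_deployments": mass_deployments(events, fleet_size),
    }


if __name__ == "__main__":
    # With an assumed fleet of 8 endpoints: sid zz9 never logged in, and the
    # "Hot-fix" procedure hit 6 of 8 agents within three seconds.
    print(analyze(SAMPLE_LOG, fleet_size=8))
```

The legitimate "Weekly Patch Scan" from the logged-in admin touches two of eight endpoints and stays under the threshold, while the "Hot-fix" procedure from the never-authenticated session trips both checks. The session-provenance check is the cheaper signal and works even if the attacker names the procedure something innocuous; the mass-deployment check catches a rollout even when the session looks legitimate, which is why both belong in the same pipeline.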