John Binns, the American hacker responsible for stealing the data of 50 million T-Mobile customers, has been apprehended in Turkey. Here are the details…
The Massive Data Breach
In 2021, global GSM operator T-Mobile, which operates in Germany, announced that its data had been accessed without authorization. This massive data breach affected over 100 million users and was perpetrated by then 21-year-old John Binns. Binns, an American citizen with a Turkish mother, boasted about his exploit in an interview, criticizing the operator’s poor security system. Recently, developments have surfaced indicating that justice will finally be served for this data thief.
Arrested in Turkey
John Binns, who allegedly sold millions of users’ data on various forums, has been living in Turkey in recent years. Due to complicated relations between Turkey and the United States, American authorities have been striving to extradite Binns. Whether he stole 50 million, 100 million, or 30 million records, as he claims, Binns has now been arrested in Turkey.
Following the approval of an extradition request from the U.S. by a Turkish court, Turkish authorities detained Binns. He is expected to be extradited to the United States soon. Prosecutors believe Binns started his data theft attempts as early as 2020.
How the Breach Occurred
Binns used computer programs to scan IP addresses associated with T-Mobile’s networks. He accessed servers used by the Bellevue data center through an unprotected router. It is believed that Binns established backdoors within the system, allowing him to re-enter even if the vulnerabilities were patched by the company.
Employed Accomplices to Sell Data
It is alleged that Binns stole credentials to access the operator’s protected computers and networks. He is also thought to have accessed additional server groups worldwide. After acquiring millions of customers’ information, Binns hired four individuals to help sell the data.
On August 11, 2021, John Binns offered to sell the personal information of over 124 million Americans for approximately $270,000. Later, he claimed he only had access to the data of 30 million customers. A third-party security firm likely purchased the data for around $150,000 to prevent its further dissemination.
Despite some data being bought back for security purposes, this did not stop Binns from attempting to sell the information to others. T-Mobile reported that around 54 million customer records were stolen. The stolen data includes names, social security numbers, birth dates, IMEI, and IMSI numbers.
Conclusion
The capture of John Binns marks a significant step towards justice for the millions affected by this massive data breach. As the extradition process moves forward, the case highlights the ongoing challenges and international cooperation required to tackle cybercrime.
