Names, addresses, Social Security numbers, birthdays and other sensitive personal information belonging to some of the 15 million T-Mobile customers who had their information hacked is already for sale on the Internet's black market, one cybersecurity firm reported. A number of new listings have surfaced on the dark net, the firm said, advertising information that exactly matches the type of T-Mobile payment information that was taken from credit check company Experian.
Listings for FULLZ data, a reference to someone who's been hacked, were posted throughout the dark net Friday, just one day after T-Mobile reported that partner Experian was breached between September 2013 and September 2015. It's possible that the listings are fake, an example of one illicit data broker trying to trick another into buying information that appears to have been obtained in the T-Mobile breach. Experian previously said there has been no indication that customer information has been used whoever was behind the breach.
“Once fraudstarers get their hands on data, they typically unload it very quickly,” a spokesperson for the Irish fraud detection company Trustev told VentureBeat, which first reported the story this weekend. “So like I saidm it's not definitely T-Mobile/Experian, but it's extremely likely considering the type of data and timing.”
A description below one ad reproduced by VentureBeat notes that the ad is for 10 records, at $1 per record, and payable in bitcoin.