In mid-August, a T-Mobile data breach occurred that exposed the information of almost 50 million people. John Binns, the man claiming to be behind the attack, is now explaining why, and how he did it.

Binns told the Wall Street Journal that he was able to access both current and former customer data by scanning unprotected routers. One of the routers he scanned allowed him to access a Washington state data center, which stored credentials for over 100 servers. He called T-Mobile’s security “awful”, and said that the amount of data he was able to access actually made him panic.  In the same report, it was implied that Binns had collaborated with others for at least parts of the hack.

Information that was accessed in the hack included personal information such as names, birthdates, cellular data, and social security numbers. In a statement, T-Mobile said that they’re “confident” that they “closed off the access and egress point that bad actor used in the attack.”

According to Binns, he has a troubled history with US Intelligence agencies.  In a 2020 lawsuit, Binns demands that the CIA, FBI, DOJ and other agencies tell him what information they have on him. The lawsuit also claims that the government had information trying to convince Binns to buy Stinger missiles on an FBI-owned website, attacked him with psychic and energy weapons, and tried to kidnap and torture him.

Binns told the Wall Street Journal that one of the reasons behind the T-Mobile attack was to “generate noise”, in the hopes that someone will leak information related to the alleged kidnapping attempt against him.  After exposing himself as the attacker in the T-Mobile attack, it’s unlikely that his relationship with the U.S. government will improve.  However, if the details of his attack on T-Mobile are true, it shines a very concerning light on T-Mobile’s security practices.

Story via The Verge