Hackers hit Chicago-based mobile network operator US Cellular, and the company reported that threat actors figured out a way to trick employees into running malware software in a few stores. Now, data of 52,000 people has been dumped, for free, on a hacking forum.
Tricking employees into running software, opening attachments or clicking on malicious links is straight from the hacker playbook. Circumventing security solutions and the network infrastructure is almost impossible, so attackers hit the next vulnerable link, the human sitting between the keyboard and chair. Why bother defeating layer upon layer of protection when you can have someone open the door?
According to a Security Media Group report, that’s exactly what the hackers did. They tricked employees of a third-party service provider, and they were in.
“We have been made aware of a recent security incident at a former third-party vendor resulting in unauthorized access to now out-of-date US cellular customer data. Our relationship with this third-party vendor was for a limited time,” said a US cellular spokesperson.
There’s a thin silver lining to this entire story, according to the spokesperson. The attacker only managed to get their hands on names, email addresses and a few other types of account information. Other stuff, such as Social Security and credit card numbers, are not part of this data breach.
The Security Media Group report also includes the fact that a user by the name “IntelBroker” posted the database, containing 144,000 entries, on a well-known forum. Unfortunately, that database does contain some private information, including customer subscriber ID, subscriber and account keys, account balance, and a few other things that don’t belong on a public forum.