A 21-year-old American said he used an unprotected router to access millions of customer records in the mobile carrier’s latest breach

The hacker who is taking responsibility for breaking into T-Mobile US Inc.’s systems said the wireless company’s lax security eased his path into a cache of records with personal details on more than 50 million people and counting.

John Binns, a 21-year-old American who moved to Turkey a few years ago, told The Wall Street Journal he was behind the security breach. Mr. Binns, who since 2017 has used several online aliases, communicated with the Journal in Telegram messages from an account that discussed details of the hack before they were widely known.

The August intrusion was the latest in a string of high-profile breaches at U.S. companies that have allowed thieves to walk away with troves of personal details on consumers. A booming industry of cybersecurity consultants, software suppliers and incident-response teams have so far failed to turn the tide against hackers and identity thieves who fuel their businesses by tapping these deep reservoirs of stolen corporate data.

The breach is the third major customer data leak that T-Mobile has disclosed in the past two years. The Bellevue, Wash., company is the second-largest U.S. mobile carrier with roughly 90 million cellphones connecting to its networks.

The Seattle office of the Federal Bureau of Investigation is investigating the T-Mobile hack, according to a person familiar with the matter. “The FBI is aware of the incident and does not have any additional information at this time,” the Seattle office said in a statement Wednesday.

Source: T-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’ – WSJ