Court Records Reveal T-Mobile Paid RaidForums Hackers In A Failed Attempt To Stop Data Leaks
Among these documents is an affidavit in support of Coelho’s arrest and extradition to the United States for prosecution. The affidavit recounts events that appear to align with a T-Mobile data breach that occurred in August of last year. According to the document, a RaidForums user by the name of “SubVirt” posted a small sample of a data set from a recent hack. The user offered to sell the whole data set for six Bitcoin, which was worth roughly $270,000 at the time. This post, titled “SELLING-124M-U-S-A-SSN-DOB-DL-database-freshly-breached,” went up on August 11, 2021, but SubVirt later reposted the offer on August 14 with the title “SELLING 30M SSN + DL + DOB database.”
However, what we didn’t know back then was that T-Mobile apparently tried to purchase the stolen data. According to the affidavit, the wireless communications provider hired a third-party that, acting on behalf of the company, posed as a prospective buyer and purchased a sample of the data set for $50,000 in Bitcoin. That same third party later purchased the rest of the database for a Bitcoin sum worth $150,000.
This third party purchased the full data set on the condition that SubVirt would destroy their copy of the data, giving only this third party exclusive rights to the data set. However, this agreement apparently did not work out as planned. The affidavit (PDF) states that, “it appears the co-conspirators continued to attempt to sell the databases after the third-party’s purchase.” Thus, it seems that T-Mobile unsuccessfully attempted to prevent its stolen customer data from being shared on the web by buying it back for the princely sum of $200K, but it backfired. This saga goes to show you that, indeed, there is no honor among thieves.