back to article Three Mobile, two alleged hackers, one big customer database heist

UK carrier Three Mobile was the victim of a hacking scheme that has reportedly left the records of millions of customers exposed. According to multiple UK media reports citing both Three and the National Crime Agency (NCA), hackers gained access to a Three database containing the account details of possibly six million …

  1. wolfetone

    One Question

    Are the records of previous customers affected? Because right now I'm not all that bothered because I left them about 3 years ago, but I don't have confidence in a company to remove my data from their systems even though I've removed my flow of cash to their bank account.

    1. Planty Bronze badge
      FAIL

      Re: One Question

      No, and this isn't even news, it's clickbait.

      These weren't even hackers, they were given a log on and password by a store employee in on the scam. No hacking skills needed at all, a non clickbait story would have used the word "thieves"

      1. Roq D. Kasba

        Re: One Question

        Store level franchise grunts get God privs on customer data? TFU

      2. Joe 35

        Re: One Question

        "it depends"

        The stories say 6 million records exposed, but from the sound of it it was a fairly low scale amateur operation one customer at a time to enable them to intercept handsets, rather than they downloaded all 6 million records and flogged on the info, which i'd have thought would net more than a few dodgy handsets are worth

      3. Anonymous Coward
        Anonymous Coward

        Re: One Question

        As a Three customer, thanks for clarifying this. I've heard nothing from Three themselves.

        I've been worrying about what 'exposed' means - hopefully by details haven't been published in the internets as with other full blown 'hacks'...?

  2. Anonymous Coward
    Anonymous Coward

    Would these Telcos and ISPs be the same ones...

    ... that Theresa 'Stasi' May wants to monitor and keep all you internet behaviour records too?!

    These twats can't even keep your personal billing data safe.

    1. Anonymous Coward
      Big Brother

      Re: Would these Telcos and ISPs be the same ones...

      "These twats can't even keep your personal billing data safe."

      Maybe it's all the backdoors the telecom companies have had to install has inadvertently diluted security.

    2. HollyHopDrive

      Re: Would these Telcos and ISPs be the same ones...

      @ac - and that is one of my main objections to the snoopers charter. My data is far more valuable to criminals than the government. I have nothing to hide (I.e. not a criminal) but that's not too say I want my surfing habits available to crooks. Consider the Ashley Masterson customers some of whom were blackmailed, consider that if crooks have my mobile number and know I was say a LLoyds or Barclays etc customer based on my surfing history how much easier it makes it to create a more convincing scamming angle. Text through the mobile operators system if they can compromise that two and a message saying to ring the bank on 0123456789 and related to online banking on date/time. Youd maybe drop your guard a little thinking only my bank knew that so it must be legit.

      You could phone the customers due for an upgrade and offer them say an iPhone 7 for £20 a month and £100 up front. Can I have your card details and the three digit code please., Confirm your address Should be enough....

      It's a massive disaster waiting to happen....

      Tin foil hat on.

      1. disgustedoftunbridgewells Silver badge

        Re: Would these Telcos and ISPs be the same ones...

        You don't need to compromise a mobile network to send messages from a sender specified number ( eg: "ThreeUK" ).

        You just need a company that has API access to an aggregator ( an aggregator is plumbed into the networks themselves and can specify the sender number ).

        There are plenty of them.

      2. Doctor Syntax Silver badge

        Re: Would these Telcos and ISPs be the same ones...

        "I have nothing to hide (I.e. not a criminal)"

        Of course you have something to hide. That's why the "nothing to hide" formula is a big lie to cover the removal of presumption of innocence. And you've fallen for that lie. You clearly do recognise the value of that data: that's the stuff that you should be able to keep hidden, you're probably contractually obliged to keep hidden (check your obligations in the T&Cs of any online accounts you have) and that those with whom you share it should be equally obliged to keep hidden. So why go along with the notion that bad stuff has to be hidden?

  3. Anonymous Coward
    Anonymous Coward

    That would explain

    Why I've had a few calls recently "from 3" offering me upgrades. All numbers blocked with Truecaller...

    1. lybad

      Re: That would explain

      Three regularly call offering additional contracts. Seems to be on a 6 month cycle - hut I can't ever remember them calling to offer upgrades.

      1. Roq D. Kasba

        Re: That would explain

        A month or so back I was getting a call "from three" every day or so. Now I know why.

      2. Steve Davies 3 Silver badge

        Re: That would explain

        Hmmm... Been with Three for nigh on 10 years and never get calls about upgrades. If they did then I'd ditch them in a flash. That was the reason I left Orange.

        YMMV though.

  4. planetzog

    Encryption? What encryption?

    FFS. TalkTalk were bollocked for allowing hackers to access customer data "with ease". What's Three's excuse?

    <Angry customer>

  5. jay_bea

    PR Fog

    The various press reports and Three's own statements make the whole incident very confusing:

    Three refers to "authorised logins to Three's upgrade system". Presumably this is an internal system and internal credentials that have been used? Or is it an internet-facing system and customer credentials that have been used?

    Three refers mainly to attempted fraud (being very specific mentions about upgrades being ordered for only 8 customers) and makes little mention about data theft. Was data taken or did the intruders just have access to the database which contained the details? There is a big difference between the records of 5m customers being taken and intruders being able to view individual customer details from a database containing 5m records.

    Hopefully we will find out more over the next couple of days.

  6. TheProf
    Unhappy

    Mail order scam

    I was 'used' in a catalogue scam a decade ago.

    Someone who knew I was out at work ordered 2 mobiles from a mail order catalogue using my name and address.

    Soon after the parcels were left with a neighbour, a second person called at the neighbour's house using some excuse about wrong goods being sent, and collected the two parcels.

    I find out about the scam a couple of weeks later when an invoice for two phones turns up at my house. Fortunately the catalogue company believed me and didn't make a song and dance about things. (Which led me to believe that I wasn't the only pawn in a crooked undertaking.)

    It sounded like an inside job to me.

  7. Sir Gaz of Laz

    Sounds like inside job to me...

    No hacking here as far as I can see (caveat - based on what I've read so far).

    Internal login used, quite possibly by employee or at least someone in collusion with the alleged thieves. Eight customers affected. Sounds like their internal systems for flagging this activity worked - or maybe the insider got careless, who knows?

    A similar thing happened years ago when I was a manager at another mobile operator (I won't name them, but ee, the stories I could tell you on a one to one basis). An entire team found a way to force these upgrades and drop ship to marked addresses for collection. Nothing wring with systems or security - someone was determined to find a way around it and greed got the better of them.

    Was flagged up very quickly, but allowed to continue (to amass evidence) and then the day came when they were summarily dismissed. Quite a few arrested immediately afterwards too.

    Sadly there will always be internal theft - no amount of system security and cross checking is going to overcome that completely - after all, you have to trust that the people you are employing in these roles are honest.

  8. Anonymous Coward
    Anonymous Coward

    Turning up at peoples houses...

    Clearly the problem here is warehouses are becoming too secure.

    We should go back to letting thieves ram raid warehouses.

    Everyone is a winner then.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019