An American citizen who was arrested in Turkey earlier this year after affirming his role in a massive security incident involving T-Mobile has been linked to a newly-revealed data breach involving nearly all of AT&T’s customers two years ago, The Desk has learned.
Federal authorities believe John Binns, 24, is one of several individuals who conspired to steal logs pertaining to phone calls and text messages sent and received by AT&T wireless customers in 2022, according to a person familiar with the matter.
AT&T revealed the data breach on Friday, affirming an unknown number of hackers had illegal access to a subset of its customer data. At least one person has been arrested in connection with the scheme, the New York Times reported on Friday.
The Desk can confirm that Binns is the person who was arrested, though his detention in Turkey was originally connected to the theft of T-Mobile customer information three years ago. In media interviews, Binns affirmed he was able to exploit a glitch in servers used by the phone company, and extracted a small amount of data to raise awareness of T-Mobile’s lackluster security practices. Prosecutors say he actually stole records belonging to T-Mobile customers in order to sell them on web forums used by hackers, scammers and thieves.
The Desk was the first outlet to confirm Binns’ detention in May after a Turkish court approved an extradition request by federal authorities. He remains in custody there. The website 404 Media first reported on Binns’ connection to the AT&T security issue.
Federal law enforcement continue to investigate the identities of other people who worked with Binns to access the AT&T servers.
AT&T says the data collected by hackers two years ago did not include personal information like social security numbers or credit card information, nor did it contain usernames and passwords of customers. But it did include records of calls placed or received by customers, as well as rudimentary text message metadata, which could allow a person to learn who a subscriber interacted with.
“At this time, we do not believe that the data is publicly available,” a spokesperson for AT&T said, though a reporter with 404 Media said they were able to view “a subset of the data,” suggesting it might be more widely available than the phone company realizes.
All phone companies, including AT&T, are required by law to collect and retain logs of phone calls and text messages for at least a few years. The data is disclosable if a law enforcement agency is able to produce a subpoena or warrant compelling its release in criminal investigations.
The situation involving AT&T is potentially more dangerous than the hack of T-Mobile customer data, because AT&T holds top-level contracts to provide telecommunications services to the Department of Homeland Security, the Department of Defense and local and state public safety officials through FirstNet.
In a statement on social media, officials with the Federal Communications Commission (FCC) said they were involved in the investigation over what happened at AT&T, and were coordinating with law enforcement partners. The FCC typically does not get involved in cybersecurity matters involving the theft of customer data.
