Hacker who looted millions of customer records from T-Mobile confirms that "their security is awful"

T-Mobile's poor security has long been a disaster waiting to happen: if you couldn't remember your password, one user wrote, they'd just send it to you again as plain text. So when millions of its users' personal information went on sale online, including Social Security Numbers, the outrage was not spiced by surprise. In The Wall Street Journal, the hacker taking responsibility for the data heist says that T-Mobile's security is, indeed, "awful".

John Binns, a 21-year-old American who moved to Turkey a few years ago, told The Wall Street Journal he was behind the security breach. Mr. Binns, who since 2017 has used several online aliases, communicated with the Journal in Telegram messages from an account that discussed details of the hack before they were widely known.

The August intrusion was the latest in a string of high-profile breaches at U.S. companies that have allowed thieves to walk away with troves of personal details on consumers. A booming industry of cybersecurity consultants, software suppliers and incident-response teams have so far failed to turn the tide against hackers and identity thieves who fuel their businesses by tapping these deep reservoirs of stolen corporate data.