TSTT Ransomware Attack - Customer data on dark web

[aaron17]

Top up digicel and bmobile...have a check box to store credit card info. for future payments.

[Chimera]

what could people really do with a copy of my id card and dp tho

could they get an island finance loan

ready finance?>

Yes.
I do 3rd party financing through courts and all I need is a dp or ID and a signature that resembles the signature on the dp or ID.

[Chimera]

Your dp has your address and dob. That can be used to do alot of damage .

From changing your mailing address to a po box or another random address, putting your calls on hold or forwarding to another number, applying for a ready finance loan, transferring your vehicle to someone else and more

[pugboy]

so is the data the hacker put out available as files to download ?
or did they just put out screenshots ?

[The_Honourable]

so is the data the hacker put out available as files to download ?
or did they just put out screenshots ?

Fully available to download but not easily accessible. You need to have the .onion link and TOR browser to access it.

[maj. tom]

Don't go looking for it. You will attract sharks in the water.

[redmanjp]

New DP/ID numbers for 1 million ppl? Yeah good luck with dat.

Now d bank go say they need not 2 but 3 or 4 forms of ID for everything cuz hackers have the first 2.

Was there ever a massive breach locally this before with a million customers affected?

[paid_influencer]

well they say 1 million records. could be database records. might not necessarily be 1 million different peoples, depending on the query

massy had a big breach that was p bad.
tomorrow i going massy and they will ask me if i have a massy card. i will again say no. my shopping habits are my secret

[pugboy]

some local bright spark will leak out

[redmanjp]

well they say 1 million records. could be database records. might not necessarily be 1 million different peoples, depending on the query

massy had a big breach that was p bad.
tomorrow i going massy and they will ask me if i have a massy card. i will again say no. my shopping habits are my secret

Do u use credit or debit card to pay?

[paid_influencer]

lol no. i does get paid in cash weekly. I do not have stable income.

debit card have all kinda madness now you could just tap away money from your account. I use cash when i go to massy so i feel the pain of all the cash for the week coming out of my pocket

[pugboy]

I does pay my cellphone at them cell outlets and swipe card in machine so the card not stored off some website.

if you pay online website they are not supposed to store your credit card info, it is supposed to be encrypted and sent directly to the credit card processor.
the key word is "not supposed to"

does tstt themselves have an online payment portal website like flow ?
even with flow it looks like the flow website directs you to their credit card processor's website to handle that part.

but anybody who has a tstt account must have had their id/dp scanned in more recent times so it look like that is in the wild now.

[The_Honourable]

Yes both bmobile and amplia have payment portals. First Atlantic Commerce does the credit card processing for most online merchants locally and in the caribbean.

[j.o.e]

Feel like the only time I submitted ID to TSTT is a million years ago for original mobile plan which has since been moved to corporate many years ago. Not too bothered but they need to get a slap from TATT

[death365]

So nobody eh post the tor link yet ?


I was ah bmobile crustomer back in d days pre-digicel and wanted to see if I'm still there

[pugboy]

so i guess tstt next press release will be that is only dp/id got leaked and once is not cc you don’t have to worry about anything

[maj. tom]

TSTT is being urged to not downplay the cyberattack and breach of its system, as the ransomware group who are “criminal extortionists” will hit them again to send a message.

“The ransomware gangs are like cartels, they are criminal extortionists... These people are not little hackers, we are talking about some of the best talent in the world, there are huge companies that are getting hacked,” he said, adding that companies have to be very careful about how they respond.

He is of the view that TSTT has sought to downplay the breach and this is something the ransomware gang is looking closely at.

“It’s kind of like poking the bear... actually they are like gigantic dragons, because you are telling everybody you have things under control, so they will wait for TSTT to do damage control, and there is a high possibility that they can come back and hit them with something even worse,” he said.

https://trinidadexpress.com/news/local/ransomware-group-can-come-back/article_50c642a6-7ab3-11ee-b14a-dfc3b3c5b560.html

[Chimera]

i wonder how much was the ransom

[The_Honourable]

Here is the full technical analysis by Cybersecurity Heavyweight and Professional Penetration Tester, Alex Samm on the TSTT data dump:

https://www.linkedin.com/pulse/month-re ... amm-k9ive/

[maj. tom]

^ Summary of link.

-TSTT lying to the public.
-They're in so much of sheit.

•Internal administrative credentials (usernames and passwords) used by TSTT staff for access systems and servers managed by TSTT. In case you were wondering, administrative credentials can basically allow a person to do anything on the systems.

•Credentials used by TSTT administrators for file systems.

•Customer Personal Identifiable Information (PII) such as Full Names, Addresses, Telephone numbers, email addresses and even company names.

•Source code for applications used by TSTT which included usernames and passwords coded directly into it.

•Daily reports showing summary of calls to locations and related carrier information.

•Dumps of databases that show the passwords used for cashier accounts.

•Scanned documents that include the IDs for customers, payment receipts and customer invoices with amounts, dates, and other details.

[fokhan_96]

Here is the full technical analysis by Cybersecurity Heavyweight and Professional Penetration Tester, Alex Samm on the TSTT data dump:

https://www.linkedin.com/pulse/month-re ... amm-k9ive/

"Professional Penetration Tester" yuh saying inno...

[ed360123]

This is madness. And nobody at TSTT going to lose their jobs over it.

[sMASH]

Why is it the first instinct of the govt an state agencies to lie to the citizens?

It happens, its bad, but why hide it. The truth comes out anyways and it just proves the people have no integrity

[sMASH]

So nobody eh post the tor link yet ?


I was ah bmobile crustomer back in d days pre-digicel and wanted to see if I'm still there

No tech company gets rid of data.. They simply ask if u want ur data moved from the 'active' file to the 'trash' file

[AlphaMan]

Where the link

[redmanjp]

This is madness. And nobody at TSTT going to lose their jobs over it.

This breach is so massive that many politicians data may be compromised as well. Perhaps some heads will roll.

[redmanjp]

So, the bmobile website that went down - do we need to change passwords for that online account?

[maj. tom]

I'm assuming that they have the hard factory set credentials for all TSTT service modems and such devices. Hackers can do very malicious working with that, and gain access to your personal systems at home. Mostly everybody never changed the SSID and password and just use whatever keys the factory issued straight from the box.

Hackers usually create a back door to return when they access a system. They can log into TSTT with with admin level privileges. They can target any number of home users internet devices. They can decrypt WPA2 data because they have the keys and most devices still run WPA2 encryption. You do banking and online purchases at home? Using your TSTT modem? Well hackers can probably work out how to to access everything now. And AI will make these tasks easier for them. They say they have source code with encoded password for the applications used as well. Right now they're selling the personal data to scam call centers in India who will now know the old people details to gain access.

[paid_influencer]

why would somebody hard code in a username/password

[paid_influencer]

Update (November 04): I’ve had some requests from friends who want to find out what’s in the TSTT data dumped to the darkweb by RansomEXX. There are several files, the most notable of which are an ID file, listing customer identification information with 377,164 records, a contacts file with 800,977 records, a file with employee IDs and passwords with 158,032 records and an Oracle database Customers file with 4,293,368 records.

File sizes are slightly deceptive, since some customers are listed multiple times with different information associated with them or duplicate information, but the overall count is massive.

It’s important to note that while a spreadsheet is a database, a sophisticated database is not a spreadsheet. As a consequence, the way some of these files open in a spreadsheet is not the way it will be read into a database file.

The customers file, for example, quickly hits the upper limit of a spreadsheet’s capabilities. Apple’s Numbers stalls out at one million records while Excel coughs up a lung at just shy of 1.5 million. Neither app could open the full customer database.

In addition, columns in the file aren’t read properly and are conflated into near unreadability. It’s possible to tease the information – which lists internal customer ranking and status information – out of the file, but without loading it into a compatible database, the file is unusable to the casual browser.

A moderately talented spreadsheet/database jockey should be able to knit this information together to amass a surprisingly detailed profile of the customers in this data.

TSTT has characterised this information as being equivalent to the information to be found in a phone directory. That is absurd, A phone directory is not malleable information that can be matched with other datasets. It also does not contain bank account information or personal ID information.

via Mark Lyndersay via TTCS
https://technewstt.com/tstt-ransomexx-exploit/