
T-Mobile Investigating Data Breach Claims

Wireless phone giant T-Mobile said today it is investigating claims that hackers have broken in and stolen customer data and company proprietary information.

On Saturday, June 6, someone anonymously posted to the Full Disclosure security mailing list claims that a broad range of internal T-Mobile data had been compromised and was being put up for sale to the highest bidder.

"We have everything, their databases, confidental [sic] documents, scripts and programs from their servers, financial documents up to 2009. We already contacted with their competitors and they didn't show interest in buying their data - probably because the mails got to the wrong people - so now we are offering them for the highest bidder."

In a statement e-mailed to Security Fix, T-Mobile said it was investigating the claims.

"The protection of our customers' information, and the safety and security of our systems, is absolutely paramount at T-Mobile," the company said. "Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible."

The posting on Full Disclosure also includes a long list of what appear to be individual databases, including file names such as "Campaign Management System," "Prod Billing Enable," "Prod Billing Customer Profile," and "Prod Infra Netbackup 34 Backup/Archive server," to name a few.

A number of news outlets are starting to pick up on this claim, but I would take it with a grain of salt until more evidence of a compromise surfaces. The Full Disclosure mailing list often contains some real gems of timely information, but the list also is known to have a rather low signal-to-noise ratio (a few of my sources derisively refer to the list as "FuD," for the acronym fear, uncertainty and doubt).

Update, 10:32 p.m. ET: T-Mobile has issued a clarification to its earlier statement that downplays the threat, suggesting the perpetrators may have merely copied a list of files from a document. No doubt this will put pressure on the group or individual who launched this fiasco to publish additional data to prove that a compromise of some kind occurred. T-Mobile's updated statement reads: "Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers' information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."

By Brian Krebs | June 8, 2009; 11:10 AM ET | Tags: full disclosure, t-mobile

Comments

It would be a real shame if business had to spend real money on IT security. That could lead to lower CEO bonuses.

Posted by: Garak | June 9, 2009 8:08 AM | Report abuse

Hackers Destroy 100k Websites

A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.

http://information-security-resources.com/2009/06/09/isr-news-hackers-destroy-100k-websites/

Posted by: anthonymfreed | June 9, 2009 9:25 AM | Report abuse

"The posting on Full Disclosure also includes a long list of what appear to be individual databases," - where did you get that from? It's pretty obvious it's a list of individual servers with their internal IP addresses (that's what all those 10.1.xxx.xxx entries are), operating system (mostly HP-UX 11.1, which is HP's UNIX variant), and what each machine's primary purpose is (e.g. Billing, Caller Tunes, Backup, etc.).

It looks a heck of a lot like a print document that some upper-management geezer might have demanded - maybe the "hackers" went dumpster diving. Looking at the list, I tend to think they don't actually have any of the information they claim to have.


Posted by: tlsfromthepnw | June 10, 2009 1:46 PM | Report abuse

© 2010 The Washington Post Company