Hackers Steal Data From T-Mobile, Trying to Sell

Over the weekend, a message from the attackers was made public on the full disclosure mailing list. Claiming to have “everything” (from confidential documents and financial documents to scripts and programs from their servers) the hackers said they had already contacted competitors of T-Mobile, offering to sell the data but because they had received no response, they were ready to sell to the highest bidder.

According to eWeek, a spokesperson from T-Mobile said the company is unable to disclose additional information at this time, but stated customers “can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."

Full transcript of the email is below (or click here to go directly to Full Disclosure):

Hello world,

The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is
available in 98 of the 100 largest markets and 268 million potential customers.

Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers,
financial documents up to 2009.

We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are
offering them for the highest bidder.

Please only serious offers, don't waste our time.

Contact: pwnmobile_at_safe-mail.net

[UPDATE] T-Mobile has said the data posted on Full Disclosure was not obtained by hacking into the company's system. According to PCWorld, T-Mobile said in a statement that the hackers did have legitimate T-Mobile data, but they didn't do it by hacking into the company's network. The statement went on to detail that there was no customer information contained in the document, nor does the T-Mobile security system show any evidence of a breach. A company spokes person refused to say how hackers got a hold of the information. Very fish indeed.

About the author
This thread is closed for comments
31 comments
  • Find these people, perhaps by seeking to do business with them, then use them ALL for training in wet-work.
    -4
  • these kinds of things makes me wonder why laws aren't enacted to punish these incompetent service providers and their lack of will or just plain ineptitude. these kind of security breaches should not be occurring. it is true that it is impossible to completely keep a system secure but they should be able to minimize the depth and time these 'hackers' have to run wild in their systems. i find it hard to believe that they do not have teams specifically assigned to monitor and track intrusions in their systems.
    1
  • Yeah, like any of t-mobile's competitors would even consider such an act, if any of them did they would be in a serious world of legal hurt, like a giant 'sue me' sign on their foreheads
    2