Sign in with
Sign up | Sign in

Hackers Steal Data From T-Mobile, Trying to Sell

By - Source: Tom's Guide US | B 31 comments

A T-Mobile spokesperson has confirmed claims that the network’s customer database has been hacked and the attackers have made off with boatloads of data that they’re trying to sell.

Over the weekend, a message from the attackers was made public on the full disclosure mailing list. Claiming to have “everything” (from confidential documents and financial documents to scripts and programs from their servers) the hackers said they had already contacted competitors of T-Mobile, offering to sell the data but because they had received no response, they were ready to sell to the highest bidder.

According to eWeek, a spokesperson from T-Mobile said the company is unable to disclose additional information at this time, but stated customers “can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."

Full transcript of the email is below (or click here to go directly to Full Disclosure):

Hello world,

The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is
available in 98 of the 100 largest markets and 268 million potential customers.

Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers,
financial documents up to 2009.

We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are
offering them for the highest bidder.

Please only serious offers, don't waste our time.

Contact: pwnmobile_at_safe-mail.net

[UPDATE] T-Mobile has said the data posted on Full Disclosure was not obtained by hacking into the company's system. According to PCWorld, T-Mobile said in a statement that the hackers did have legitimate T-Mobile data, but they didn't do it by hacking into the company's network. The statement went on to detail that there was no customer information contained in the document, nor does the T-Mobile security system show any evidence of a breach. A company spokes person refused to say how hackers got a hold of the information. Very fish indeed.

Display 31 Comments.
This thread is closed for comments
  • -4 Hide
    Onus , June 10, 2009 1:15 PM
    Find these people, perhaps by seeking to do business with them, then use them ALL for training in wet-work.
  • 1 Hide
    Hanin33 , June 10, 2009 1:26 PM
    these kinds of things makes me wonder why laws aren't enacted to punish these incompetent service providers and their lack of will or just plain ineptitude. these kind of security breaches should not be occurring. it is true that it is impossible to completely keep a system secure but they should be able to minimize the depth and time these 'hackers' have to run wild in their systems. i find it hard to believe that they do not have teams specifically assigned to monitor and track intrusions in their systems.
  • 2 Hide
    Hatecrime69 , June 10, 2009 1:37 PM
    Yeah, like any of t-mobile's competitors would even consider such an act, if any of them did they would be in a serious world of legal hurt, like a giant 'sue me' sign on their foreheads
  • -3 Hide
    chripuck , June 10, 2009 1:46 PM
    Hanin33these kinds of things makes me wonder why laws aren't enacted to punish these incompetent service providers and their lack of will or just plain ineptitude. these kind of security breaches should not be occurring. it is true that it is impossible to completely keep a system secure but they should be able to minimize the depth and time these 'hackers' have to run wild in their systems. i find it hard to believe that they do not have teams specifically assigned to monitor and track intrusions in their systems.


    Did you not read the part where T-Mobile said there was no security breach? Reading comprehension FTW...
  • 4 Hide
    Hanin33 , June 10, 2009 2:15 PM
    chripuckDid you not read the part where T-Mobile said there was no security breach? Reading comprehension FTW...


    that was posted after i commented, hater. and i wouldn't trust wot they're saying after the fact. they can make their reports say wotever they wish them to say. if it can be proven the data is authentic then t-mobile's excuses mean very little. next!
  • 4 Hide
    duzcizgi , June 10, 2009 2:18 PM
    chripuckDid you not read the part where T-Mobile said there was no security breach? Reading comprehension FTW...

    If you are competent enough to get in, through the firewall, and were able to copy the databases etc. over, then you should be competent enough to clear up your traces as well. Even in the dawn of computer networks & hacking, hackers were clearing their traces as soon as they're finished with what they are doing. So, "security isn't breached" means just "we don't have any logs stating that someone entered our network".
    So, not having logs, does it really mean that nobody entered, or, someone entered and then cleared up all the logs regarding her when she's finished?
  • 5 Hide
    Parrdacc , June 10, 2009 2:31 PM
    I don't know. Something just feels wrong here. This is about the fourth story I have read or heard about in the last 6 months that follows the same pattern. Hackers steal confidential, either/or customer and company, information then publicly claim they have it and try and get money for it. Not saying it is not possible and not saying it isn't even true; just seems a lot of this going around to make me think that the maybe it is not all hackers. Perhaps it is some sort of new Nigeria scam. Just a thought.
  • 3 Hide
    danimal_the_animal , June 10, 2009 2:58 PM
    ParrdaccI don't know. Something just feels wrong here. This is about the fourth story I have read or heard about in the last 6 months that follows the same pattern. Hackers steal confidential, either/or customer and company, information then publicly claim they have it and try and get money for it. Not saying it is not possible and not saying it isn't even true; just seems a lot of this going around to make me think that the maybe it is not all hackers. Perhaps it is some sort of new Nigeria scam. Just a thought.


    Exactly....What if the T-mobile Administrators SUCK AT THEIR JOB!!!!

    they can tell their bosses..."Nah...nobody hacked us" just so that they can keep their jobs....heck...what if they were too stupid to know what happened.....or are not competent enough to see an attack that is right in front of their face.

    You would have to BE a hacker in order to spot a hack.....no experience in this field= unable to detect problem.....It's like going into a pitch black closet trying to find something....Not going to happen.....


    So their is a 50/50 chance that the T-mobile network admins either know what to look for or not
  • 2 Hide
    scook9 , June 10, 2009 2:59 PM
    Guess I DON'T need a mobile makeover after all, even from Catherine Zeta-Jones.
  • 1 Hide
    Kill@dor , June 10, 2009 3:20 PM
    I don't understand how they got this info without hacking. Its either an inside job, or the hackers did hack un-noticed in the network (i.e. they obtained usernames and passwords somehow).
  • 1 Hide
    Anonymous , June 10, 2009 3:22 PM
    From the way the article made it sound, it's more than likely that it was an inside job, rather than "hackers". Some irate employee probably made a copy of some files and tried to make a buck by selling them.
  • 2 Hide
    danimal_the_animal , June 10, 2009 3:25 PM
    SO THEY SAY!

    Hackers say they stole data.

    Admins are not sure.....

    until they can prove or disprove it without a doubt I say for the time being it is plausible.
  • 0 Hide
    danimal_the_animal , June 10, 2009 3:28 PM
    If nothing comes of this in 30 days....it is all lies.

    If it DOES turn out they got hacked...People WILL be getting fired!
  • 0 Hide
    NuclearShadow , June 10, 2009 3:35 PM
    I wouldn't trust T-mobile's word. They have reason to lie to make their customers feel comfortable to continue using T-mobiles service.
  • 0 Hide
    Ciuy , June 10, 2009 3:40 PM
    bs they hacked their crap security system, and now they say they got the data in another way so ppl dont think T-mobile securty is breached.

    IT IS !!!
  • 1 Hide
    Hanin33 , June 10, 2009 3:57 PM
    scook9Guess I DON'T need a mobile makeover after all, even from Catherine Zeta-Jones.


    tanks... i needed a laugh... ;) 
  • 4 Hide
    rockabye , June 10, 2009 4:04 PM
    Whether they got the data by hacking, walking out of the building with boxes of backup tapes, or using a Jedi mind trick doesn't matter. It's still a security issue which the company is responsible for. To announce that it wasn't done through hacking doesn't change anything.
  • 0 Hide
    grieve , June 10, 2009 4:22 PM
    T-Mobile should hire a 3rd party to investigate if they have been hacked or not.
    I figure if the network is insecure and got hacked.. .someone should be unemployeed.
  • 0 Hide
    Anonymous , June 10, 2009 4:58 PM
    Haha pwnmobile, I like that name.

    The real point being is you can't always stop a good hacker no matter how good you are at security, you can only detect them so they don't get away with it.

    Imagine that the T-mobile admins are awesome, they detected the intrusion and brought it to the executive staff. Do you really think they will admit it? They would if the punishment for non-disclosure was worse than the theft. This is why there needs to be a harsh law.
  • 4 Hide
    magicandy , June 10, 2009 5:38 PM
    All these hacker horror stories lately are hitting the front pages for a reason. It's all just a part of the US govt's plan to regulate and control the internet, in much the same way as China. Don't believe it if you don't want to, but it's coming. We're going to start hearing more and more about "hackers" digging deeper into crucial systems. It will come to the point where "hacker" will be almost synonymous with "terrorist", and the government will have "no choice" but to regulate and control the US net to increase "security".
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter