Is confidential T-Mobile data really being offered to the highest bidder? (Update 3)
by Steve Ragan - Jun 9 2009, 17:59
Update 3:
T-Mobile says press reports of confirmation are inaccurate. This is what happens when some in the media jump the gun.
"Following a recent online posting that an alleged hacker apparently accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible."
Update 2:
T-Mobile added the following to their previous statement.
"To reaffirm, the protection of our customers' information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers' information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."
Update:
T-Mobile has sent over the following:
"The protection of our customers' information, and the safety and security of our systems, is absolutely paramount at T-Mobile. Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible."
Original Article:
In a Saturday posting to the Full Disclosure mailing list, an unknown group or person has offered information supposedly lifted from over 500 T-Mobile servers. The information on the servers, which house data such as JPay, Archive/Backup, Remedy, Workforce Management, Security, SAP, eBill and more, is available to the highest bidder.
One interesting observation after looking at the list is that most of the 'owned' servers are of the Hewlett Packard UniX (HP-UX) variety. There is no mention in the offer as to how the servers were compromised, and speculation will lead nowhere. Thus far T-Mobile has opted to remain silent on the issue, and an e-mail sent to its media relations address by The Tech Herald has gone unanswered. (See updates.)
“Hello world. The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is available in 98 of the 100 largest markets and 268 million potential customers. Like Checkpoint T-Mobile has been owned for some time. We have everything, their databases, [confidential] documents, scripts and programs from their servers, financial documents up to 2009,” the offer states.
“We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder. Please only serious offers, don't waste our time.”
If this seems oddly familiar, then it's likely because of the last T-Mobile data breach that occurred in 2005. Back then, 21-year-old Nicolas Jacobsen was arrested and charged with the 2004 intrusions that allowed him access to T-Mobile customer data including images, messages, account passwords, and other billing information.
If that wasn’t enough, Jacobsen also used the ill-gotten access to monitor U.S. Secret Service e-mail. His bust and the related news centered on the T-Mobile breach were a part of the Secret Service's 'Operation Firewall' crackdown in 2004.
Again, aside from the offer and list, there is no proof supporting the offer's credibility or showing that there was an information/infrastructure compromise on the T-Mobile network. The sheer number of servers referenced on the list means this is either something serious or a hoax. Either way, T-Mobile is expected to respond one way or another. As they do, we will update our coverage.