The Tech Herald

T-Mobile staffers and PR team exposed by webserver breach

by Steve Ragan - Jan 16 2012, 21:10


Several T-Mobile employees and a handful of their PR agents had some of their contact data exposed after one of the company’s webservers was breached. The group TeaMp0isoN claimed responsibility, noting that they exploited SQL Injection vulnerabilities on t-mobile.com to obtain the data.

According to persons speaking on behalf of TeaMp0isoN, T-Mobile was targeted for “supporting the Big Brother Patriot Act law.”

“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is.”

In a published document, which lists 38 company contacts, the group remarked on the weak passwords released, noting that they were “manually given to staff via an admin who uses the same set of passwords.”

Looking at the list, the passwords issued are 112112, pass, or glg5548. The last password in the block seems to have been assigned only to staffers of the Garrigan Lyman Group, an agency that represents T-Mobile.

In addition, staffers from Waggener Edstrom, another PR firm representing the telecom company, were exposed as well.

The attack was possible due to SQL Injection flaws present on t-mobile.com and newsroom.t-mobile.com. Both domains were actively delivering content on Monday afternoon, as word of the breach spread.

Currently, the amount of data taken from the T-Mobile website is unknown. It’s possible that the only thing obtained was the brief list. We’ve been in contact with T-Mobile and Waggener Edstrom. We’ll update this story with additional information as we have it.

 

Update:

Without going into any technical issues, T-Mobile has said that the “issue only impacted our newsroom, which is a non-critical system and does not affect our customers.”

Officially, the statement from the company reads as follows:

T-Mobile's newsroom, which is hosted by an external third party, experienced a security issue last week. No other online T-Mobile properties were affected. We've identified the root cause of the issue and security protocols have been updated. This issue did not impact T-Mobile customers.

Unfortunately, this does not answer many questions. They will not comment on who hosted the news portal or who developed it, which is important assuming the issue was purely code-related and they outsourced the creation of the newsroom. Moreover, they would not comment on the security protocols that were changed, or the basic passwords issued to the newsroom’s operators.

 
