Several T-Mobile employees and a handful of their PR agents had some of their contact data exposed after one of the company's webservers was breached. The group TeaMp0isoN claimed responsibility, saying it exploited SQL injection vulnerabilities on t-mobile.com to obtain the data.
According to persons speaking on behalf of TeaMp0isoN, T-Mobile was targeted for “supporting the Big Brother Patriot Act law.”
“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is.”
In a published document listing 38 company contacts, the group remarked on the weak passwords it released, noting that they were "manually given to staff via an admin who uses the same set of passwords."
Looking at the list, the passwords issued were 112112, pass, and glg5548. The last one appears to have been assigned only to staffers of the Garrigan Lyman Group, an agency that represents T-Mobile. Because the same handful of passwords was handed out across many accounts, a single leaked credential is effectively a leak of every account that shares it.
In addition, staffers from Waggener Edstrom, another PR firm representing the telecom company, were exposed as well.
The attack was possible due to SQL injection flaws on t-mobile.com and newsroom.t-mobile.com. Both domains were still actively serving content on Monday afternoon, as word of the breach spread.
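The page names SQL injection as the entry point but gives no details of the actual flaw on either domain. The following is an added, generic illustration of the vulnerability class, not a reconstruction of the t-mobile.com or newsroom code: a search endpoint that concatenates user input into its query (hypothetical `search_articles_vulnerable`) lets a UNION payload pull rows from an unrelated contacts table, while the parameterized version (`search_articles_safe`) treats the same payload as an ordinary search term. The table names, contact data and password values are constructed for this example.

```python
import sqlite3


def build_db():
    """Build an in-memory database with constructed sample data (not real T-Mobile data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE press_contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO press_contacts (name, email, password) VALUES (?, ?, ?)",
        [
            ("Alice Example", "alice@example.com", "112112"),
            ("Bob Example", "bob@example.com", "pass"),
        ],
    )
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO articles (title) VALUES (?)",
        [("Q3 results",), ("New plan launch",)],
    )
    return conn


def search_articles_vulnerable(conn, term):
    """Vulnerable: the search term is pasted into the SQL text, so it can change the query's structure."""
    sql = "SELECT title FROM articles WHERE title LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_articles_safe(conn, term):
    """Safe: the term is passed as a bound parameter and is only ever treated as data."""
    sql = "SELECT title FROM articles WHERE title LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# Hypothetical attacker input: closes the LIKE literal, appends a UNION that reads
# credentials from another table, and comments out the rest of the original query.
UNION_PAYLOAD = "x%' UNION SELECT email || ':' || password FROM press_contacts -- "


if __name__ == "__main__":
    db = build_db()
    print("normal search (vulnerable):", search_articles_vulnerable(db, "plan"))
    print("payload (vulnerable):      ", sorted(search_articles_vulnerable(db, UNION_PAYLOAD)))
    print("payload (parameterized):   ", search_articles_safe(db, UNION_PAYLOAD))
```

The vulnerable function returns the contents of `press_contacts` for the payload because the final SQL text becomes `... WHERE title LIKE '%x%' UNION SELECT email || ':' || password FROM press_contacts`; the parameterized function returns nothing because no article title contains the payload string. The fix is the same whatever framework the newsroom ran on: never build SQL by string concatenation with request data.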
Currently, the amount of data taken from the T-Mobile website is unknown. It’s possible that the only thing obtained was the brief list. We’ve been in contact with T-Mobile and Waggener Edstrom. We’ll update this story with additional information as we have it.
Without going into any technical issues, T-Mobile has said that the “issue only impacted our newsroom, which is a non-critical system and does not affect our customers.”
Officially, the statement from the company reads as follows:
“T-Mobile's newsroom, which is hosted by an external third party, experienced a security issue last week. No other online T-Mobile properties were affected. We've identified the root cause of the issue and security protocols have been updated. This issue did not impact T-Mobile customers.”
Unfortunately, this does not answer many questions. The company will not say who hosted the news portal or who developed it, which matters if the issue was purely code related and the newsroom's development was outsourced. Nor would it comment on which security protocols were changed, or on the basic passwords issued to the newsroom's operators. The statement also does not address the group's claim that t-mobile.com itself, and not only the newsroom, had injectable pages.