The Tech Herald

T-Mobile staffers and PR team exposed by webserver breach

by Steve Ragan - Jan 17 2012, 02:10


Several T-Mobile employees and a handful of their PR agents had some of their contact data exposed after one of the company’s webservers was breached. The group TeaMp0isoN claimed responsibility, noting that they exploited SQL Injection vulnerabilities on t-mobile.com to obtain the data.

According to persons speaking on behalf of TeaMp0isoN, T-Mobile was targeted for “supporting the Big Brother Patriot Act law.”

“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is.”

In a published document, which lists 38 company contacts, the group remarked on the weak passwords released, noting that they were “manually given to staff via an admin who uses the same set of passwords.”

Looking at the list, the passwords issued are 112112, pass, or glg5548. The last password in the block seems to have been assigned only to staffers of the Garrigan Lyman Group, an agency that represents T-Mobile.

In addition, staffers from Waggener Edstrom, another PR firm representing the telecom company, were exposed as well.

The attack was possible due to SQL Injection flaws present on t-mobile.com and newsroom.t-mobile.com. Both domains were actively delivering content on Monday afternoon, as word of the breach spread.

Currently, the amount of data taken from the T-Mobile website is unknown. It’s possible that the only thing obtained was the brief list. We’ve been in contact with T-Mobile and Waggener Edstrom. We’ll update this story with additional information as we have it.

Update:

Without going into any technical issues, T-Mobile has said that the “issue only impacted our newsroom, which is a non-critical system and does not affect our customers.”

Officially, the statement from the company reads as follows:

T-Mobile's newsroom, which is hosted by an external third party, experienced a security issue last week. No other online T-Mobile properties were affected. We've identified the root cause of the issue and security protocols have been updated. This issue did not impact T-Mobile customers.

Unfortunately, this does not answer many questions. They will not comment on who hosted the news portal or who developed it, which is important assuming the issue was purely code-related and they outsourced the creation of the newsroom. Moreover, they would not comment on the security protocols that were changed, or the basic passwords issued to the newsroom’s operators.
