T-Mobile denies database crack

T-Mobile denies database crack

T-Mobile claims that the individual responsible for posting an offer to sell vast quantities of the company's data was a simple liar.

Reports of a database intrusion which saw vast quantities of personal data fall into the hands of ne'er-do-wells – for sale to the highest bidder, no less – have been categorically denied by T-Mobile.

As reported by BetaNews, T-Mobile has completed its investigation into claims by an anonymous individual on the Full Disclosure security mailing list that large amounts of private corporate data – including billing information for customers – had been copied without the company's knowledge. While T-Mobile confirms that the content of the document posted to the list was real, it denies that the cracker ever had access to anything further.

In a statement, T-Mobile claims to have found “no evidence that customer information, or other company information, has been compromised,” nor that the unnamed individual ever had access to any additional data beyond what was posted to the mailing list – a sure disappointment for any of T-Mobile's competitors that were hoping to take the cracker up on his offer to sell the data.

It's possible that the singular document that appears to have been in the possession of the poster wasn't even obtained electronically: it's entirely plausible that the list of server details posted to the mailing list was obtained through lower-tech means, such as 'dumpster diving' – the art of retrieving corporate data by rummaging around in bins.

Although the alleged database crack appears to have been nothing more than bravado motivated by greed, T-Mobile has pledged that its customers “can be assured that if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible.

Do you believe that the cracker was over-egging just how much data he had in order to boost the price he could get, or is T-Mobile quick to play down the severity of this situation? Share your thoughts over in the forums.


Discuss in the forums Reply
leexgx 11th June 2009, 11:23 Quote
[USRF]Obiwan 11th June 2009, 12:00 Quote
BS! How can they now if a Cracker has stolen data.

I don't think it is the "Its still there so its not stolen" option. (they are not that dumb are they?)
If they know what the cracker has stolen (copied) how did they know.
Did they contacted the cracker and asked what he/she stole?

If so, then they are better then the FBI in finding cybercriminals!
Nicb 11th June 2009, 19:27 Quote
I believe that it has been stolen and used. Ever since this incident I have been getting calls from numerous scammers. I now have "Trapcall" blocking all unwanted calls. I have to keep adding to the list every week.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.

Discuss in the forums