T-Mobile claims that the individual responsible for posting an offer to sell vast quantities of the company's data was a simple liar.
Reports of a database intrusion
which saw vast quantities of personal data fall into the hands of ne'er-do-wells – for sale to the highest bidder, no less – have been categorically denied by T-Mobile.
As reported by BetaNews
, T-Mobile has completed its investigation into claims by an anonymous individual on the Full Disclosure security mailing list that large amounts of private corporate data – including billing information for customers – had been copied without the company's knowledge. While T-Mobile confirms that the content of the document posted to the list was real, it denies that the cracker ever had access to anything further.
In a statement, T-Mobile claims to have found “no evidence that customer information, or other company information, has been compromised,
” nor that the unnamed individual ever had access to any additional data beyond what was posted to the mailing list – a sure disappointment for any of T-Mobile's competitors that were hoping to take the cracker up on his offer to sell the data.
It's possible that the singular document that appears to have been in the possession of the poster wasn't even obtained electronically: it's entirely plausible that the list of server details posted to the mailing list was obtained through lower-tech means, such as 'dumpster diving' – the art of retrieving corporate data by rummaging around in bins.
Although the alleged database crack appears to have been nothing more than bravado motivated by greed, T-Mobile has pledged that its customers “can be assured that if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible.
Do you believe that the cracker was over-egging just how much data he had in order to boost the price he could get, or is T-Mobile quick to play down the severity of this situation? Share your thoughts over in the forums