T-Mobile is investigating claims that a cracker has penetrated its corporate databases and stolen personally identifiable information on the company and its customers.
As reported over on CNet, the investigation centres on claims made by an anonymous contributor to the Full Disclosure security mailing list. In the posting, the individual claims to have penetrated T-Mobile's systems and gained illegitimate access to “everything [-] their databases, confidential documents, scripts and programs from their servers, [and] financial documents up to 2009.”
The alleged cracker is, apparently, motivated primarily by greed: claiming to have “already contacted with their competitors and they didn't show interest in buying [the data],” the unknown individual is asking for “serious offers” in an attempt to sell the data to the highest bidder.
In order to offer some form of verification of the claims, the cracker provides a dump of one of the databases retrieved – and it certainly appears to be a genuine dump from a mobile phone provider, offering as it does glimpses into “CallerTunes,” and “Billing eBill.” Somewhat worryingly, the list also appears to contain data for backup and archive servers located within T-Mobile's internal network – servers that are likely to contain entire dumps of all corporate information passing through the company.
T-Mobile has issued a statement which – beyond the traditional “the protection of our customers' information, and the safety and security of our systems, is absolutely paramount at T-Mobile,” disclaimer – states that the company is “fully investigating the matter,” and promises to “inform those affected as soon as possible” should any customer data have been exposed in the alleged attack.
Do you predict a sad end for a cracker brazen enough to post about his exploits on a public mailing list, or is this evidence that tech companies are failing to protect the increasing quantities of personal data they store? Share your thoughts over in the forums.