T-Mobile staff data and passwords hacked and published

The hacktivist group TeaMp0isoN has published the names and passwords of T-Mobile staff.

Following a dump of data on Pastebin, it said: "Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords." Talking to Softpedia, the hackers said they targeted T-Mobile as it is supporting the Patriot Act in the US – and they would view any mobile phone company doing so as a legitimate target.

“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is,” the group said. It claimed to have found SQL injection vulnerabilities on the T-Mobile website, where it found the names, email addresses, phone numbers and passwords of the administrators and staff members.

T-Mobile's parent company, Deutsche Telekom, said that only the newsroom section of the website was compromised and no other T-Mobile properties were affected. No customers have been affected, it said.

John Stock, senior security consultant at Outpost24, said: “The most worrying aspects of this attack are twofold. Firstly, the passwords used by T-Mobile staff seem to have been given to them by administrators who employ the same password for each individual, a fundamental security error. Secondly, TeaMp0isoN seem to have used an SQL injection to breach defences, one of the most used and most easily defended against means of attack.

“On closer analysis, these points can be attributed to a single failing by T-Mobile – a lack of understanding of current security threats. By now companies should be aware of the risks posed to their IT systems by common vulnerabilities, such as SQL and XSS attacks. Additionally, if companies are handing out passwords to staff they should be unique to each person, meaning that if one account is compromised, others aren't.”

TeaMp0isoN has previously targeted large organisations, with the United Nations targeted in November, and hit the headlines in the summer when the official BlackBerry blog was defaced after its parent, RIM, said it would co-operate fully with the Home Office and police following the London riots.