T-Mobile staff data and passwords hacked and published

The hacktivist group TeaMp0isoN has published the names and passwords of T-Mobile staff.

Following a dump of data on Pastebin, it said: "Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords." Talking to Softpedia, the hackers said they targeted T-Mobile as it is supporting the Patriot Act in the US – and they would view any mobile phone company doing so as a legitimate target.

“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is,” the group said. It claimed to have found SQL injection vulnerabilities on the T-Mobile website where it found the names, email addresses, phone numbers and passwords of the administrators and staff members.

T-Mobile's parent company, Deutsche Telekom, said that only the newsroom section of the website was compromised and no other T-Mobile properties were affected. No customers have been affected, it said.

John Stock, senior security consultant at Outpost24, said: “The most worrying aspects of this attack are twofold. Firstly, the passwords used by T-Mobile staff seem to have been given to them by administrators who employ the same password for each individual, a fundamental security error. Secondly, TeaMp0isoN seem to have used an SQL injection to breach defences, one of the most used and most easily defended against means of attack.

“On closer analysis, these points can be attributed to a single failing by T-Mobile – a lack of understanding of current security threats. By now companies should be aware of the risks posed to their IT systems by common vulnerabilities, such as SQL and XSS attacks. Additionally, if companies are handing out passwords to staff they should be unique to each person, meaning that if one account is compromised, others aren't.”

TeaMp0isoN has previously targeted large organisations, with the United Nations targeted in November, and hit the headlines in the summer when the official BlackBerry blog was defaced after its parent, RIM, said it would co-operate fully with the Home Office and police following the London riots.
