
T-Mobile staff data and passwords hacked and published


The hacktivist group TeaMp0isoN has published the names and passwords of T-Mobile staff.

Following a dump of data on Pastebin, it said: "Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords." Talking to Softpedia, the hackers said they targeted T-Mobile as it is supporting the Patriot Act in the US – and they would view any mobile phone company doing so as a legitimate target.

“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is,” the group said. It claimed to have found SQL injection vulnerabilities on the T-Mobile website, where it found the names, email addresses, phone numbers and passwords of the administrators and staff members.

T-Mobile's parent company, Deutsche Telekom, said that only the newsroom section of the website was compromised and no other T-Mobile properties were affected. No customers have been affected, it said.

John Stock, senior security consultant at Outpost24, said: “The most worrying aspects of this attack are twofold. Firstly, the passwords used by T-Mobile staff seem to have been given to them by administrators who employ the same password for each individual, a fundamental security error. Secondly, TeaMp0isoN seem to have used an SQL injection to breach defences, one of the most used and most easily defended against means of attack.

“On closer analysis, these points can be attributed to a single failing by T-Mobile – a lack of understanding of current security threats. By now companies should be aware of the risks posed to their IT systems by common vulnerabilities, such as SQL and XSS attacks. Additionally, if companies are handing out passwords to staff they should be unique to each person, meaning that if one account is compromised, others aren't.”

TeaMp0isoN has previously targeted large organisations, with the United Nations targeted in November, and hit the headlines in the summer when the official BlackBerry blog was defaced after its parent, RIM, said it would co-operate fully with the Home Office and police following the London riots.
