T-Mobile staff data and passwords hacked and published

The hacktivist group TeaMp0isoN has published the names and passwords of T-Mobile staff.

Following a dump of data on Pastebin, it said: "Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords." Talking to Softpedia, the hackers said they targeted T-Mobile as it is supporting the Patriot Act in the US – and they would view any mobile phone company doing so as a legitimate target.

“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is,” the group said. It claimed to have found SQL injection vulnerabilities on the T-Mobile website where it found the names, email addresses, phone numbers and passwords of the administrators and staff members.

T-Mobile's parent company, Deutsche Telekom, said that only the newsroom section of the website was compromised and no other T-Mobile properties were affected. No customers have been affected, it said.

John Stock, senior security consultant at Outpost24, said: “The most worrying aspects of this attack are twofold. Firstly, the passwords used by T-Mobile staff seem to have been given to them by administrators who employ the same password for each individual, a fundamental security error. Secondly, TeaMp0isoN seem to have used an SQL injection to breach defences, one of the most used and most easily defended against means of attack.

“On closer analysis, these points can be attributed to a single failing by T-Mobile – a lack of understanding of current security threats. By now companies should be aware of the risks posed to their IT systems by common vulnerabilities, such as SQL and XSS attacks. Additionally, if companies are handing out passwords to staff they should be unique to each person, meaning that if one account is compromised, others aren't.”

TeaMp0isoN has previously targeted large organisations, with the United Nations targeted in November, and hit the headlines in the summer when the official BlackBerry blog was defaced after its parent, RIM, said it would co-operate fully with the Home Office and police following the London riots.
