• On GameFAQs: What causes the Red Ring of Death?
June 9, 2009 1:17 PM PDT

T-Mobile says network was not hacked or breached

by Elinor Mills

A T-Mobile spokesman said on Tuesday that data someone posted to a security e-mail list over the weekend was legitimate T-Mobile data but not customer information, and that the phone company's network was not hacked or breached as the poster claimed.

The statement raises more questions than it answers. If indeed there was no network hack, could there have been an inside leak? Or could it have been something as low-tech as dumpster diving, in which records are obtained from trash bins outside a company's offices?

All T-Mobile would say is that it is investigating how the information was obtained.

On Saturday, someone posted to the Full Disclosure e-mail list claiming to have hacked into T-Mobile's computer network.

"We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009," the poster wrote, adding that the data was being offered up to the highest bidder. As evidence of the hack the post included a bunch of lines of codes that look like they reference some operating systems and possibly IP addresses.

T-Mobile said the data is not customer data, but declined to say what it is. On Monday, T-Mobile said it was investigating the situation.

Then late on Monday, the company issued a statement that said: "Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers."

On Tuesday, T-Mobile issued an updated statement that removed that wording and added: "The company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected."

T-Mobile says the data isn't customer data. So what is it?

(Credit: T-Mobile)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

News,

Privacy & data protection

Tags:

T-Mobile,

hack,

breach

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Security
Panda's Cloud Antivirus leaves beta behind
Apple plugs holes for domain spoofing, other attacks
Microsoft launches Forefront Protection 2010
'60 Minutes'--Cyberwar: Sabotaging the system
Microsoft to fix holes in Windows, Office
Google privacy controls: Most people won't care
Zero-day flaw found in Web encryption
Mac Game: Art project or malware?
Related
T-Mobile halts sales of Sidekick
With outage, Sidekick service loses its footing
T-Mobile users still reeling from outage
T-Mobile experiencing widespread outage
T-Mobile says Sidekick data may yet return
Lawsuits filed over Sidekick outages
Week in review: Data loss disasters
T-Mobile says software error behind outage
Add a Comment (Log in or register) (10 Comments)
  • prev
  • 1
  • next
by daimajinbuu June 9, 2009 2:31 PM PDT
No, T-Mobile WAS hacked. The act of covering up an embassasing situation, is cowardice. Truth will out.
Reply to this comment
by halox27 October 5, 2009 12:51 PM PDT
The reality of the situation is that these types of hacks happen on a regular basis. I used t be in the "hacking" community and can guarantee you that the hackers are not looking for anything other than customer emails, social security#s and accounts. If someone posted it to the highest bidder, the odds are that they actually had he data. Im sue that T-Mobile was only looking to fight off the media storm when they issued this announcement.After seeing where their systems were exploited, T-Mobile could easily determine the types and amount of data that was compromised.

<strong>Johnny B
Founder, <a rel="" href="http://www.halocigs.com">Halo Electronic Cigarettes</a></strong>
by tgraysonco June 9, 2009 4:02 PM PDT
Are you guys kidding me, its a server list...

Hostname, Environment (production), ??, Application Name, AppName, IP, LOCATION?, ??, ??, ?

Looks like the results of some kind of vendor audit or some document enumerating nodes and their application function within a data center...
Reply to this comment
by tgraysonco June 9, 2009 4:16 PM PDT
Oh.. and guess what... this is what you get when you do IT at an arm's length in an enterprise... I bet they even passed their SOX and last IT audit performed by their big 5 partner too. It would be great to see an industry rag bring out ALL the detail. Including the clown-kart resourcing companies that supplied their staffing... It's the difference between having an IT workforce that cares, and one that knows you'll treat them like ****** no matter how hard they work for you.

Do you freaking business people really believe that you can outsource your inner operations... and remain safe? LOL what vested interest does an H1B contractor have beyond the term of his VISA... I guess your hoping that your half-implemented processes are going to protect your customer's data.

Do you outsource your finance and executive functions too? Perhaps you should start...

There needs to be stiff penalties for the exposure/compromise of personal information at the hands of a business entity, and criminal penalties for executives that supress the disclosure of it.
Reply to this comment
by solu1978 June 9, 2009 4:22 PM PDT
Looks like you lost you job to someone from Asia .. lol
by tgraysonco June 10, 2009 7:41 AM PDT
Nope, never have been displaced, actually... just keep watching the turnover of poorly trained/qualified resources just because someone wanted to save a little money... and put all of our personal information at risk because of it.
by Michichael June 9, 2009 4:26 PM PDT
Looks like internal network routing information / application deployment information. General inventory mapping data - internal by the looks of it.
Reply to this comment
by gerrrg June 9, 2009 4:52 PM PDT
I believe you are correct. Those IP numbers are assigned to private internets, and the listed OS reference HP Unix, which seems like an odd thing to list if you were listing individual user data. Just because you have this list of software running on different servers doesn't mean that you have the passwords and the ability to get into TMo's private internet.
by Michichael June 10, 2009 8:18 AM PDT
Gerrrg:

Exactly. I mean, you could pull this same data from nmap or spiceworks on any internally connected computer. Hell, you could walk into their lobby, plug into their wall jack, and get this information from a network scan. This doesn't mean you've got access to anything. This data is like claiming you broke into the white house because you were able to zoom in via Google maps or grabbed a new employee's guide.
by johnfranks1234 June 10, 2009 11:58 AM PDT
In the realm of risk, unmanaged possibilities become probabilities: These data breaches and thefts are due to a lagging business culture. As CIO, I'm always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading (specific chapters, depending on nature of projects) is "I.T. Wars: Managing the Business-Technology Weave in the New Millennium." It has a great chapter regarding security (among others).

We keep a few copies kicking around - it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices.

The author, David Scott, has an interview here that is a great exposure: http://businessforum.com/DScott_02.html

The book came to us as a tip from one of our interns who attended a course at University of Wisconsin, where the book is in use; I like to pass along things that work, in the hope that good ideas continue to make their way to me. I hope you can make use of this info...
Reply to this comment
(10 Comments)
  • prev
  • 1
  • next
advertisement

After 5 years, Firefox faces new challenges

Mozilla helped reshape the Web since releasing Firefox 1.0 five years ago. Now it's got a reawakened Microsoft and Google Chrome to reckon with.

There's a map for that: GPS or smartphone?

Almost every handset comes with mapping software these days, but standalone GPS devices are becoming more affordable than ever.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET