Comments on: T-Mobile says network was not hacked or breached

Data posted by someone claiming to have hacked into T-Mobile's network is real but is not customer data, the phone company says.

[daimajinbuu]

No, T-Mobile WAS hacked. The act of covering up an embassasing situation, is cowardice. Truth will out.

[halox27]

The reality of the situation is that these types of hacks happen on a regular basis. I used t be in the "hacking" community and can guarantee you that the hackers are not looking for anything other than customer emails, social security#s and accounts. If someone posted it to the highest bidder, the odds are that they actually had he data. Im sue that T-Mobile was only looking to fight off the media storm when they issued this announcement.After seeing where their systems were exploited, T-Mobile could easily determine the types and amount of data that was compromised.

<strong>Johnny B
Founder, <a rel="" href="http://www.halocigs.com">Halo Electronic Cigarettes</a></strong>

[tgraysonco]

Are you guys kidding me, its a server list...

Hostname, Environment (production), ??, Application Name, AppName, IP, LOCATION?, ??, ??, ?

Looks like the results of some kind of vendor audit or some document enumerating nodes and their application function within a data center...

[tgraysonco]

Oh.. and guess what... this is what you get when you do IT at an arm's length in an enterprise... I bet they even passed their SOX and last IT audit performed by their big 5 partner too. It would be great to see an industry rag bring out ALL the detail. Including the clown-kart resourcing companies that supplied their staffing... It's the difference between having an IT workforce that cares, and one that knows you'll treat them like ****** no matter how hard they work for you.

Do you freaking business people really believe that you can outsource your inner operations... and remain safe? LOL what vested interest does an H1B contractor have beyond the term of his VISA... I guess your hoping that your half-implemented processes are going to protect your customer's data.

Do you outsource your finance and executive functions too? Perhaps you should start...

There needs to be stiff penalties for the exposure/compromise of personal information at the hands of a business entity, and criminal penalties for executives that supress the disclosure of it.

[solu1978]

Looks like you lost you job to someone from Asia .. lol

[tgraysonco]

Nope, never have been displaced, actually... just keep watching the turnover of poorly trained/qualified resources just because someone wanted to save a little money... and put all of our personal information at risk because of it.

[Michichael]

Looks like internal network routing information / application deployment information. General inventory mapping data - internal by the looks of it.

[gerrrg]

I believe you are correct. Those IP numbers are assigned to private internets, and the listed OS reference HP Unix, which seems like an odd thing to list if you were listing individual user data. Just because you have this list of software running on different servers doesn't mean that you have the passwords and the ability to get into TMo's private internet.

[Michichael]

Gerrrg:

Exactly. I mean, you could pull this same data from nmap or spiceworks on any internally connected computer. Hell, you could walk into their lobby, plug into their wall jack, and get this information from a network scan. This doesn't mean you've got access to anything. This data is like claiming you broke into the white house because you were able to zoom in via Google maps or grabbed a new employee's guide.

[johnfranks1234]

In the realm of risk, unmanaged possibilities become probabilities: These data breaches and thefts are due to a lagging business culture. As CIO, I'm always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading (specific chapters, depending on nature of projects) is "I.T. Wars: Managing the Business-Technology Weave in the New Millennium." It has a great chapter regarding security (among others).

We keep a few copies kicking around - it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices.

The author, David Scott, has an interview here that is a great exposure: http://businessforum.com/DScott_02.html

The book came to us as a tip from one of our interns who attended a course at University of Wisconsin, where the book is in use; I like to pass along things that work, in the hope that good ideas continue to make their way to me. I hope you can make use of this info...