T-Mobile is now saying that the information that was posted to the Full Disclosure security mailing list this weekend is in fact the company’s data. But the company stopped short of confirming that the anonymous hackers have access to customer data and other sensitive information, as they have claimed.
“Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009. We already contacted with their competitors and they didn’t show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder,” the hackers wrote in their Full Disclosure post.
But, as Bob McMillan points out in his post on the attack, if the attackers really have the goods, why not give up a little sample to prove the data’s value?
If they really do have access to everything, why didn’t they post a sample of the really good data? These guys claim they’re trying to sell the information. Wouldn’t that drive up the value?
The real question, though, is do they have any customer data?
The answer may be as simple as the attackers not wanting to give T-Mobile any further clues to help with their investigation. But it may also be that the attackers got nothing more than some log files and are trying to turn that into a big payday.