The hacking group TeaMp0isoN claims to have compromised Web servers used by T-Mobile, and absconded with account information for company employees, including members of T-Mobile’s media team.
The group used a post on its official Twitter account taking responsibility for the attack, which targeted a T-Mobile Web server that hosted part of the company’s Web page, including its media relations information. User names, e-mail addresses, phone numbers and passwords for around 80 T-Mobile staff were also posted, including what appear to be a dispiriting number of default passwords.
The leaked information was posted Saturday. However, the attack appears to have occurred in October, judging from date and time stamps on the leaked data, which appeared on pastebin.com.
T-Mobile did not immediately respond to requests for comment and could not confirm the breach. A Web page hosting the company’s media relations contacts was offline temporarily on Sunday and early Monday, but was back in service by Monday afternoon.
In an e-mail response, a T-Mobile spokesperson said that the company’s newsroom “experienced a security issue last week.” No other T-Mobile Web properties were affected by the breach, however.
“We’ve identified the root cause of the issue and security protocols have been updated,” the spokesperson wrote. “This issue did not impact T-Mobile customers.”
While no motive was given for the attack, it appears to have been designed to reveal weak security practices at the prominent telecommunications company. TeaMp0isoN took aim at the prevalence of an apparent default password to protect many users’ accounts.
“Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords,” the post read.
Little is know about TeamP0ison, which is a loosely affiliated hacking collective that is to be led by a hacker known as “TriCk” based in the UK. The group has claimed allegiance with Pakistani and Muslim-affiliated hacking groups. In the past year it has claimed credit for attacks on the United Nations Development Programme, Indian government Web sites and for the leak of confidential contact information from the UK Ministry of Defense and Australian government agencies.