Update: Hacking Group TeaMp0isoN Claims Breach of T-Mobile

The hacking group TeaMp0isoN claims to have compromised Web servers used by T-Mobile, and absconded with account information for company employees, including members of T-Mobile’s media team.

TeamPoisonThe hacking group TeaMp0isoN claims to have compromised Web servers used by T-Mobile, and absconded with account information for company employees, including members of T-Mobile’s media team.

The group used a post on its official Twitter account taking responsibility for the attack, which targeted a T-Mobile Web server that hosted part of the company’s Web page, including its media relations information. User names, e-mail addresses, phone numbers and passwords for around 80 T-Mobile staff were also posted, including what appear to be a dispiriting number of default passwords.

The leaked information was posted Saturday. However, the attack appears to have occurred in October, judging from date and time stamps on the leaked data, which appeared on pastebin.com.

T-Mobile did not immediately respond to requests for comment and could not confirm the breach. A Web page hosting the company’s media relations contacts was offline temporarily on Sunday and  early Monday, but was back in service by Monday afternoon.

In an e-mail response, a T-Mobile spokesperson said that the company’s newsroom “experienced a security issue last week.” No other T-Mobile Web properties were affected by the breach, however.

“We’ve identified the root cause of the issue and security protocols have been updated,” the spokesperson wrote. “This issue did not impact T-Mobile customers.”

While no motive was given for the attack, it appears to have been designed to reveal weak security practices at the prominent telecommunications company. TeaMp0isoN took aim at the prevalence of an apparent default password to protect many users’ accounts.

“Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords,” the post read.

Little is know about TeamP0ison, which is a loosely affiliated hacking collective that is to be led by a hacker known as “TriCk” based in the UK. The group has claimed allegiance with Pakistani and Muslim-affiliated hacking groups. In the past year it has claimed credit for attacks on the United Nations Development Programme, Indian government Web sites and for the leak of confidential contact information from the UK Ministry of Defense and Australian government agencies.

Suggested articles

Discussion

  • Anonymous on

    I worked for T-Mobile USA for over 6 years and I can verify with first-hand experience that default passwords from vendors are rarely changed, admin/root passwords are shared across multiple accounts/systems and things such as basic system hardening are rarely performed on MANY, MANY systems. Internal, external, doesn't matter.

    Security is paid lip-service only.

     

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.