T-Mobile Refutes Hacking Claims, Connects Leaked Data to Vendor Breach: Unveiling the Truth
T-Mobile has denied allegations of a data breach, claiming leaked data affecting 2.3 million customers is linked to a vendor’s security incident. The company has confirmed that some customer information was exposed, but insists that no financial data or social security numbers were affected in the incident.
Despite recent claims by a threat actor that they’ve stolen data from T-Mobile, the company has denied any breach or theft of source code. In a statement, T-Mobile told us, “T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider.”
Furthermore, the company added, “We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor’s claim that T-Mobile’s infrastructure was accessed is false.”
What’s the story behind the claim?
IntelBroker, a notorious threat actor linked to several data breaches, claimed to have breached T-Mobile in June 2024 and stolen source code. To prove the authenticity of the data, IntelBroker released screenshots showing administrative access to a Confluence server and internal Slack channels for T-Mobile developers.
The data being sold by IntelBroker includes “Source code, SQL files, Images, Terraform data, t-mobile.com certifications, Siloprograms.”
However, our investigation revealed that the data shared by IntelBroker actually consists of older screenshots of T-Mobile’s infrastructure that had been posted to a third-party vendor’s servers, from which they were then stolen. While we know the name of this alleged service provider, we won’t be sharing it until we can confirm whether a breach occurred.
Interestingly, IntelBroker has been releasing data from breaches at a rapid pace. If all of these breaches involved this cloud provider, that could explain where the data originated.
How did the hackers gain access?
Based on IntelBroker’s screenshots, the hacker had access to a Jira instance for testing applications as recently as this month. It’s unclear how they breached the provider, but one of the leaked images shows a search for critical vulnerabilities, listing CVE-2024-1597, which affects Confluence Data Center and Server and has a severity score of 9.8 out of 10.
Whether the third-party vendor was breached with this vulnerability remains unknown.
Unfortunately, we weren’t able to contact IntelBroker about this incident.
A history of cybersecurity incidents
This isn’t the first time T-Mobile has had to deal with cybersecurity incidents. In fact, this is the third incident impacting the company in less than two years. On January 19, 2023, T-Mobile disclosed that hackers had stolen personal information belonging to 37 million customers.
In May 2023, T-Mobile revealed that data belonging to hundreds of customers had been exposed to unknown attackers for over a month, starting in February of the same year.