20TH JUN 2024
T-Mobile has denied allegations of a security breach and the theft of source code following a threat actor's claim that stolen data from the telecommunications giant is up for sale.
We take a look at allegations behind the T-Mobile data breach in today’s report.
A formal statement to this effect has been issued by the telecom services provider:
The statement addresses accusations made by IntelBroker, a notorious threat actor linked to several previous breaches. IntelBroker claimed to have breached T-Mobile in June 2024, allegedly stealing source code.
To substantiate these claims, IntelBroker released screenshots purportedly showing administrative access to a Confluence server and the company's internal Slack channels for developers. The data IntelBroker claims to possess includes:
Source code
SQL files
Images
Terraform data
t-mobile.com certifications
Siloprograms
However, a source has informed that the data IntelBroker is sharing comprises older screenshots of T-Mobile's infrastructure, originally posted to a third-party vendor's servers where it was subsequently stolen.
Reportedly, BleepingComputer is withholding the name of the alleged service provider until further confirmation of the breach.
Recently, IntelBroker has been prolific in releasing data from various breaches, potentially all linked to the same cloud provider. Screenshots from IntelBroker suggest the hacker had access to a Jira instance for application testing as recently as this month. One leaked image shows a search for critical vulnerabilities, including CVE-2024-1597, which affects Confluence Data Center and Server with a severity score of 9.8 out of 10. It remains unclear if this vulnerability was exploited to breach the third-party vendor.
Sources have been unable to contact IntelBroker for further details on the incident.
This situation marks the third cybersecurity incident impacting T-Mobile in less than two years. On January 19, 2023, T-Mobile disclosed that hackers had stolen personal information from 37 million customers. In May 2023, the company revealed that data belonging to hundreds of customers had been exposed to attackers for more than a month, starting in February of the same year.
As T-Mobile continues to investigate the current claims, the telecommunications company reiterates its commitment to safeguarding customer data and maintaining the integrity of its systems. These past few years, the telecoms sector has become a favorite target for cybercriminals to exploit.
