T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company.
"T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider," T-Mobile shared in a statement to BleepingComputer.
"We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor's claim that T-Mobile's infrastructure was accessed is false."
This statement comes after IntelBroker, a well-known threat actor linked to numerous breaches, claimed to have breached T-Mobile in June 2024 and stolen source code.
To prove that the data is authentic and originates from a recent cyberattack, IntelBroker published several screenshots showing access with administrative privileges to a Confluence server and the company's internal Slack channels for developers.
IntelBroker describes the data they're selling as "Source code, SQL files, Images, Terraform data, t-mobile.com certifications, Siloprograms."
However, a source told BleepingComputer that the data shared by IntelBroker is actually older screenshots of T-Mobile's infrastructure posted to a third-party vendor's servers, where it was stolen.
While BleepingComputer knows the name of this alleged service provider, we will not be publicly sharing it until we can confirm if they were breached.
Recently, IntelBroker has been rapidly releasing new data breaches, and if they all used this cloud provider, it could explain where all the data is coming from.
Based on IntelBroker's screenshots, the hacker had access to a Jira instance for testing applications as recently as this month.
It is unclear how the hackers breached the provider, but one of the leaked images shows a search for critical vulnerabilities listing CVE-2024-1597, which affects Confluence Data Center and Server and has a severity score of 9.8 out of 10.
Whether the third-party vendor was breached with this vulnerability is currently unknown.
BleepingComputer attempted to contact IntelBroker about this incident but was unable to make contact.
T-Mobile has dealt with multiple cybersecurity incidents in the past, this one being the third that has impacted the company in some manner in less than two years. On January 19, 2023, the telecommunications company disclosed that hackers had stolen the personal information of 37 million customers.
In May 2023, the mobile telco revealed that data belonging to hundreds of customers had been exposed to unknown attackers for more than a month starting in February of the same year.
Comments
Kkittie - 4 months ago
T-Mobile is lying through its teeth. IT WAS HACKED! Not only did the hackers get present customers' information, but also past customers info. I know because I am a past customer. I closed my account for my phone on March 1, 2024, and today found out that there is a pending automatic withdrawal from T-Mobile for $10, posted today. I called T-Mobile, which tried to tell me it was actually for a credit for new customers, which is $5 a line for opening an account. However, I have not returned as a customer or contacted T-Mobile about returning, so should not have this automatic withdrawal. I had to explain it was a debit and not a credit. Then the customer service rep told me that no one would have access to past customers information since they don't keep it. I think the fact that I have a pending automatic withdrawal from T-Mobile put a lie to this statement. I insisted the customer rep relay this information to T-Mobile higher ups, but unfortunately could not get information on how to contact them to report this information to them directly.