The hackers proved that the company's domains are not properly secured
The infamous hacktivist collective TeaMp0isoN breached the official website of T-Mobile, one of the largest wireless communications providers in the world, leaking sensitive login information that belongs to their staff and administrators.The hackers posted a document on Pastebin to prove the success of the operation, but we’ve contacted them to find out the details and the main reason why T-Mobile is a target.
“They are known to be supporting the Big Brother Patriot Act law. Any cell phone company doing so I would see as a target,” said one of the hackers.
“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is.”
The hackers found SQL injection vulnerabilities on t-mobile.com and newsroom.t-mobile.com and managed to get a hold of the names, email addresses, phone numbers and passwords of the administrators and staff members.
“Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords,” the hackers said after analyzing the data.
We've tried to get in touch with the company for a statement, but the media contact page is hosted on one of the breached subdomains and it’s currently taken offline, which probably means that they're currently dealing with the incident.
TeaMp0isoN is one of the more active collectives from the hacking scene. They are involved in most of the major operations, such as Op Robin Hood or Op Free Palestine and even if they don’t hack too many websites, the ones they do breach are usually important.
They are also the ones that breached the United Nations servers back in November 2011, proving that the information they obtained was not outdated as the organization stated after the incident was made public.
Update. Since T-Mobile's media contact website was down yesterday, we contacted Deutsche Telekom, T-Mobile’s parent company, for details regarding the incident.
They stated that only the newsroom was compromised and no other T-Mobile proprieties were impacted. The breach hasn’t affected their customers in any way.