BlogNews20TH JUN 2024
AuthorSamir Yawar
3 min read
News

T-Mobile data breach reports denied amid stolen source code claims

Twitter
Facebook
WhatsApp
Email
LinkedIn
Feature image for a news report on T-Mobile data breach
BlogNews20TH JUN 2024
3 min read
News

T-Mobile data breach reports denied amid stolen source code claims

AuthorSamir Yawar
Twitter
Facebook
WhatsApp
Email
LinkedIn
Feature image for a news report on T-Mobile data breach

T-Mobile has denied allegations of a security breach and the theft of source code following a threat actor's claim that stolen data from the telecommunications giant is up for sale.

We take a look at allegations behind the T-Mobile data breach in today’s report.

Details on the Alleged T-Mobile Data Breach


A formal statement to this effect has been issued by the telecom services provider:

T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider. We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor's claim that T-Mobile's infrastructure was accessed is false."

The statement addresses accusations made by IntelBroker, a notorious threat actor linked to several previous breaches. IntelBroker claimed to have breached T-Mobile in June 2024, allegedly stealing source code.

To substantiate these claims, IntelBroker released screenshots purportedly showing administrative access to a Confluence server and the company's internal Slack channels for developers. The data IntelBroker claims to possess includes:

  • Source code

  • SQL files

  • Images

  • Terraform data

  • t-mobile.com certifications

  • Siloprograms

However, a source has informed that the data IntelBroker is sharing comprises older screenshots of T-Mobile's infrastructure, originally posted to a third-party vendor's servers where it was subsequently stolen.

Screengrab of IntelBroker sharing T-Mobile information from data breach
IntelBroker has shared details of information stolen from the T-Mobile data breach | Source: IntelBroker

Reportedly, BleepingComputer is withholding the name of the alleged service provider until further confirmation of the breach.

More IntelBroker Breaches

Recently, IntelBroker has been prolific in releasing data from various breaches, potentially all linked to the same cloud provider. Screenshots from IntelBroker suggest the hacker had access to a Jira instance for application testing as recently as this month. One leaked image shows a search for critical vulnerabilities, including CVE-2024-1597, which affects Confluence Data Center and Server with a severity score of 9.8 out of 10. It remains unclear if this vulnerability was exploited to breach the third-party vendor.

Sources have been unable to contact IntelBroker for further details on the incident.

Has T-Mobile suffered a data breach before?

This situation marks the third cybersecurity incident impacting T-Mobile in less than two years. On January 19, 2023, T-Mobile disclosed that hackers had stolen personal information from 37 million customers. In May 2023, the company revealed that data belonging to hundreds of customers had been exposed to attackers for more than a month, starting in February of the same year.

As T-Mobile continues to investigate the current claims, the telecommunications company reiterates its commitment to safeguarding customer data and maintaining the integrity of its systems.

Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQsFrequently Asked Questions
Information at risk in a data breach can include personal details (names, addresses, social security numbers), financial information (credit card numbers, bank account details), login credentials, medical records, and other sensitive data. The severity of the breach depends on the type and amount of information compromised.