The information posted over the weekend by hackers who claimed to have hacked T-Mobile is legit, T-Mobile now says. But, it's not clear that the hackers have the full access to T-Mobile systems they claim.
On Saturday, hackers posted what appear to be logfiles taken from T-Mobile's networks to the Full Disclosure mailing list, claiming to have hacked the carrier. "We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009," they wrote.
Earlier today T-Mobile said it was investigating the hack, but they've now updated their statement, saying that they've identified the file that was copied, but noting that the fact that the hackers got this file doesn't necessarily mean that they have "everything," as claimed.
An e-mail I sent to the firstname.lastname@example.org address listed by the hackers bounced, so I can't ask them questions directly.
Here's T-Mobile's latest statement:
"To reaffirm, the protection of our customers' information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers' information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."
If they really do have access to everything, why didn't they post a sample of the really good data? These guys claim they're trying to sell the information. Wouldn't that drive up the value?
The real question, though, is do they have any customer data?
Paul Davie, founder of data security specialist Secerno, says probably not, though. He told me, "If I were a customer of theirs I wouldn't immediately be worried. If these guys have personally identifiable information, then they would have exposed enough of that to give credibility to the story, because it's going to massively increase the value of what they're going to sell. So I suspect that they don't have that kind of thing."
Who knows, maybe they got the info from an insider? Maybe it came from a computer they bought on eBay? Still, a little more disclosure from T-Mobile would reassure me, if I were a customer.
UPDATE TUESDAY JUNE 9 -- 11:53 AM PACIFIC
T-Mobile has now issued a new statement, dropping the reference to them identifying the file in question and saying there is no evidence that their information has been compromised. It looks like they've gone the "little less disclosure" route. So what was this document they were talking about? Emphasis in the statement is mine.
"Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible."