T-Mobile denies data breach claims by IntelBroker

T-Mobile has firmly denied allegations that its systems were breached or its source code was stolen. The telecommunications giant’s statement follows claims by a notorious threat actor, IntelBroker, who asserted they had infiltrated T-Mobile’s infrastructure and sold stolen data.

IntelBroker, known for its involvement in several high-profile breaches, claimed to have accessed T-Mobile’s systems in June 2024. To substantiate these claims, the threat actor published screenshots purportedly showing administrative access to a Confluence server and internal Slack channels used by T-Mobile developers.

The data IntelBroker is allegedly selling includes source code, SQL files, images, Terraform data, certifications and Siloprograms.

Despite these assertions, a source informed BleepingComputer that the screenshots presented by IntelBroker are outdated and were obtained directly from servers belonging to a third-party vendor rather than T-Mobile.

“T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider,” T-Mobile told BleepingComputer. “We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor’s claim that T-Mobile’s infrastructure was accessed is false.”

Source: BleepingComputer

While the name of the implicated third-party service provider remains undisclosed pending confirmation of a breach, this incident has raised significant concerns. IntelBroker has recently been prolific in releasing new data breaches, often involving data allegedly sourced from this cloud provider. This pattern suggests a broader issue with the provider’s security measures.

Screenshots posted by IntelBroker indicate access to a Jira instance used for testing applications as recently as this month. One leaked image revealed a search for critical vulnerabilities, including CVE-2024-1597, a severe flaw affecting Confluence Data Center and Server, with a severity score of 9.8 out of 10. Whether this vulnerability was the entry point for the breach remains unclear.

This incident marks the third significant cybersecurity issue T-Mobile has faced in less than two years. In January 2023, the company disclosed that hackers had stolen the personal information of 37 million customers. Just a few months later, in May 2023, data belonging to hundreds of customers was exposed to attackers over a month starting in February.

As T-Mobile continues to grapple with these cybersecurity challenges, the investigation into IntelBroker’s latest claims is ongoing.

Recently, reports emerged that the same threat actor had infiltrated AMD’s systems and exposed sensitive data on a hacker forum. This prompted the company to launch an investigation and accept the threat actor’s claim. However, according to AMD, the data breach was minimal and did not impact the company’s operations.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations.