Article Lead Image

Why T-Mobile got hacked

Staffers' passwords and personal information exposed—mostly because of the cell-phone carriers' poor security.

 

Fruzsina Eördögh

Tech

Posted on Jan 17, 2012   Updated on Jun 2, 2021, 10:36 pm CDT

Over the weekend, Team P0isoN, a group of hacktivists loosely affiliated with Anonymous,  broke into computer systems at T-Mobile USA and released personal staff information and passwords to the public.

As is often the case with hacks committed in the name of Anonymous, the hackers’ stated motivation was a mishmash of publicity-seeking opportunism and political statements.

T-Mobile’s security was poor, Team P0isoN explained in a document published on Pastebin, a site favored by Anonymous hackers.

“All the passwords are manually given to staff via an admin who uses the same set of passwords,” they wrote in the document, which included the passwords and user information.

One of the hackers told Softpedia, a technology publication, that T-Mobile’s compliance with the 2001 Patriot Act, regulations passed shortly after the 9/11 attack that allow law-enforcement officials broad access to telecommunications, was “Big Brother.”

“Any cell-phone company doing so I would see as a target,” he or she said. “One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is.”

The hack involved a common technique for penetrating databases called SQL injection.

John Stock, a senior security consultant at Outpost24, told UK’s SC Magazine, an IT publication, that the breach of T-Mobile’s security displays a “ lack of understanding of current security threats,” since SQL injection is “one of the most used and most easily defended against means of attack.”

An embarrassing fail, as Team P0isoN would say.

Share this article
*First Published: Jan 17, 2012, 4:41 pm CST