An email posted to the Full Disclosure mail list on Saturday by pwnmobile_at_Safe-mail.net claims:
Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009.
We already contacted with their competitors and they didn’t show interest in buying their data -probably because the mails got to the wrong people- so now we are
offering them for the highest bidder.Please only serious offers, don’t waste our time.
The full email, which contains alleged evidence of what they claim to have accessed and acquired, can be read via Insecure.org.
In response to an email inquiry I sent to T-Mobile last night asking them whether the claims could be confirmed or denied, a corporate spokesperson responded:
The protection of our customers’ information, and the safety and security of our systems, is absolutely paramount at T-Mobile. Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible.
.
As John Oates of The Register notes, it’s not yet clear whether there really was a breach, although there are some comments from anonymous online posters in various blogs who claim to have worked for T-Mobile who indicate that the data look real. Others claim it is likely a hoax.
The Checkpoint reference is to an earlier disclosure on the mail list.
June 9: See update.