Digital Forensics: By Philip Maina 12 hours agoMon Oct 21 2024 10:33:15 Reading Time: 2 minutes DeFi platform Tapioca DAO is using a higher bounty to recover $4.7 million Tapioca has offered more than 20% of the hacked funds to the attacker The DeFi platform said that the hacker used [...]
Digital Forensics
T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company.
“T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider,” T-Mobile shared in a statement to BleepingComputer.
“We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor’s claim that T-Mobile’s infrastructure was accessed is false.”
This statement comes after IntelBroker, a well-known threat actor linked to numerous breaches, claimed to have breached T-Mobile in June 2024 and stolen source code.
To prove that the data is authentic and originates from a recent cyberattack, IntelBroker published several screenshots showing access with administrative privileges to a Confluence server and the company’s internal Slack channels for developers.
IntelBroker describes the data they’re selling as “Source code, SQL files, Images, Terraform data, t-mobile.com certifications, Siloprograms.”
However, a source told BleepingComputer that the data shared by IntelBroker is actually older screenshots of T-Mobile’s infrastructure posted to a third-party vendor’s servers, where it was stolen.
While BleepingComputer knows the name of this alleged service provider, we will not be publicly sharing it until we can confirm if they were breached.
Recently, IntelBroker has been rapidly releasing new data breaches, and if they all used this cloud provider, it could explain where all the data is coming from.
Based on IntelBroker’s screenshots, the hacker had access to a Jira instance for testing applications as recently as this month.
It is unclear how the hackers breached the provider, but one of the leaked images shows a search for critical vulnerabilities listing CVE-2024-1597, which affects Confluence Data Center and Server and has a severity score of 9.8 out of 10.
Whether the third-party vendor was breached with this vulnerability is currently unknown.
BleepingComputer attempted to contact IntelBroker about this incident but was unable to make contact.
T-Mobile has dealt with multiple cybersecurity incidents in the past, this one being the third that has impacted the company in some manner in less than two years. On January 19, 2023, the telecommunications company disclosed that hackers had stolen the personal information of 37 million customers.
In May 2023, the mobile telco revealed that data belonging to hundreds of customers had been exposed to unknown attackers for more than a month starting in February of the same year.
Digital Forensics Skip to content It’s a long-held belief of Mac users that their computers are immune to the kind of malware and viruses that plague Windows PCs. While there is some credibility in this idea, we shouldn’t get over-confident [...]
Digital Forensics: By Philip Maina 12 hours agoMon Oct 21 2024 10:33:15 Reading Time: 2 minutes DeFi platform Tapioca DAO is using a higher bounty to recover $4.7 million Tapioca has offered more than 20% of the hacked funds to [...]
Post comments (0)