T-Mobile has confirmed it recently suffered a data breach in which hackers compromised the company's servers and reportedly copied customer information.
An anonymous post published on the Full Disclosure security mailing list with the following message: "We have everything -- their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009," according to the Full Disclosure post.
The poster offered the information to T-Mobile competitors, who weren't interested in the information, and is now willing to sell it to the highest bidder available.
"We already contacted with their competitors and they didn't show interest in buying their data -- probably because the mails got to the wrong people -- so now we are offering them for the highest bidder," the post claims.
T-Mobile is looking into the matter to try and identify whether or not the hacker actually walked away with information that can be sold to a T-Mobile competitor.
"We've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers," T-Mobile said in a statement. "Customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."
Some security experts have come forward to say they believe the post on the Full Disclosure forum is nothing more than a hoax, saying it's unlikely someone would go through the trouble of compromising T-Mobile's servers to gain information without a buyer already identified.
At least one security expert said that even though companies routinely have their databases breached with information taken, it's rare that the people responsible publicly discuss the matter. Security experts and analysts are curious to learn how serious the data breach was, and if any T-Mobile subscribers face possible identity theft because of the intrusion.
quote: We already contacted with their competitors
quote: the mails got to the wrong people