T-Mobile USA Inc. is investigating whether it has a security breach on its hands.
A person claiming to have hacked the carrier’s customer database bragged about the alleged exploit on the security site Full Disclosure over the weekend, asking to sell the information to the highest bidder. The would-be hacker extraordinaire claims he got “everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009.”
Truth or online braggadocio? T-Mobile issued a statement on the matter: “The protection of our customers’ information, and the safety and security of our systems, is absolutely paramount at T-Mobile,” the company said. “Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible.”
Steve Santorelli, a former Scotland Yard detective who is director of global outreach at security research firm Team Cymru, for one, is skeptical. He told CNET that “The way this data has been offered is not the way the Underground Economy usually works.”