T-Mobile USA hacked
A group of hackers that goes by the name "TeaMp0isoN" claims to have obtained access credentials belonging to staff at US Deutsche Telekom subsidiary T-Mobile USA. To back up their claim, the hackers posted data to the Pastebin anonymous text hosting service. One member of the group told Softpedia that the hack involved exploiting SQL injection vulnerabilities on the t-mobile.com and newsroom.t-mobile.com web sites.
According to T-Mobile, the problem was limited to the T-Mobile USA newsroom. This claim seems plausible, with spot testing by The H's associates at heise Security finding that the published credentials did indeed belong to newsroom staff. This would limit the scale of any problems arising as a result – the intruders may be able to publish fake press releases. Based on the information provided, private customer data was never at risk.
Most of the passwords consist of a simple six-digit number composed of two numbers repeated such as "112112". T-Mobile USA says that it has now fixed the vulnerabilities.