


Sunday, 22 January 2012

Website weaknesses at fault in T-Mobile hacktivist attack

A hacktivist group believed to be linked to Anonymous has posted the private information of about 80 T-Mobile employees after apparently exploiting several website vulnerabilities.


The group, calling itself TeaMp0isoN, posted the names, email addresses, phone numbers and passwords of the staff following a T-Mobile attack that took place last week. In the post on the Pastebin website, the hacktivist group said the passwords appear to have been manually assigned to staff by an administrator who uses a similar set of passwords.

The group claimed to have exploited SQL injection vulnerabilities to acquire the information. In a report on the T-Mobile attack on the Softpedia website, the group said it attacked the company's server because T-Mobile is known for supporting the "Big Brother Patriot Act" law.

Contacted by phone, William Boni, vice chairman of data security and company information security officer, referred all inquiries to T-Mobile's corporate press office. T-Mobile's parent company Deutsche Telekom said the attack impacted its media team. Customers were not affected, an organization spokesperson said.

The breach affected T-Mobile's newsroom, which is hosted by an external third party. No other online T-Mobile properties were affected.

"We've identified the basis reason for the problem and security protocols had been updated," a spokesperson told SearchSecurity.com. "This issue didn't impact T-Mobile customers."

T-Mobile has had to deal with data leakage before. In 2009, the U.K. arm of the telecommunications giant dealt with an insider attack in which two employees were responsible for stealing possibly millions of T-Mobile U.K. customer records and selling the information to competitors. The information included customers' contract renewal information, including contract expiration dates. T-Mobile said the information was sold to "third parties." Two T-Mobile employees were fined for their roles in the breach under the U.K.'s data protection rules.

Getting Ahead of Advanced Threats

T-Mobile's Boni, a member of the Security for Business Innovation Council, was on a panel last week discussing the issue of threat intelligence sharing between organizations and understanding the nature and breadth of threats to a company. The discussion was held at the headquarters of RSA, the Security Division of EMC Corp., in conjunction with the release of the council's new report, “Getting Ahead of Advanced Threats.” (.pdf)

Boni, who has been responsible for corporate security at T-Mobile for the last two years, helped author the report. He said understanding the security culture within a corporation and getting IT staff to think more about security and intelligence gathering is often a painstaking process. Most IT personnel consider themselves to be in a service-level maintenance role in the organization, he said.

“That's in their DNA,” Boni said of most IT professionals. “Our challenge is to make the organization more resilient and that implies changing the mindset of the common IT person.”

In the report, the council, which is sponsored by RSA, lays out a six-step roadmap for turning an organization into an intelligence-gathering team. It starts with basic security steps, including conducting comprehensive risk assessments, getting executive management on board and building external and internal sources to better understand the organization's adversaries.

