Summary

T-Mobile recently raised prices and disabled Google Authenticator, and is now dealing with a potential data breach by threat actor 'IntelBroker'.

T-Mobile denies the breach, claiming its systems were not accessed. The data was possibly stolen from a third-party vendor's server.

T-Mobile is investigating the situation, and it is unclear if customer data was compromised. This would be the carrier's third data breach in three years.

Mobile network T-Mobile has been in the news a lot lately, and for all the wrong reasons. Back in May, the carrier announced that it was increasing prices by $2 to $5 per line for most Magenta, Magenta Max, Simple Choice, and T-Mobile ONE customers, including grandfathered plans, despite the carrier's price lock promise. Subsequently, in early June, the carrier temporarily disabled Google Authenticator login for T-Mobile accounts, leaving customers vulnerable to cyber threats.

Following that, earlier this week, the carrier was reported to be beginning its crackdown on customers gaming the system and using their home internet service while traveling. Now, the carrier is reportedly scrambling to contain a data breach.

According to a recent Bleeping Computer report, a threat actor named 'IntelBroker' recently breached T-Mobile and claims to have stolen its source code and other sensitive information. The hacker has taken responsibility for several data breaches in the past, including those of Europol, the Los Angeles International Airport's CRM system, Home Depot, and, recently, even AMD and Apple.

According to the threat actor, the breach took place in June 2024, and the actor displayed proof in the form of screenshots showing access to administrative functions on one of T-Mobile's CRMs. IntelBroker is currently selling the stolen data, describing it as "Source code, SQL files, Images, Terraform data, t-mobile.com certifications, Siloprograms, etc."

T-Mobile denies the breach

Source: Bleeping Computer

In a statement given to Bleeping Computer, T-Mobile says that its infrastructure was not accessed, and its systems were not compromised. "T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider," said the carrier. "We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor's claim that T-Mobile's infrastructure was accessed is false."

However, that doesn't mean that the carrier's data wasn't stolen. The report cites an unnamed source suggesting that the information accessed by IntelBroker was stolen from a third-party vendor's server. If that's the case, T-Mobile's statement that its systems have not been compromised would be true, and IntelBroker's claim that "T-Mobile's infrastructure was accessed" would be false. However, even if stolen from a third-party vendor's server, the data in question is T-Mobile's, making it the carrier's third data breach in three years. It is currently unknown which vendor was compromised.

As of right now, it appears that no sensitive customer information was stolen, though the investigation is currently ongoing, and we'll likely learn more soon.