Samples of data allegedly belonging to a T-Mobile Retailer, Connectivity Source, appeared on a popular hacking forum earlier today.
Connectivity Source describes itself as “one of T-Mobile’s largest Authorized Retailers serving customers nationwide in our T-Mobile branded stores.”
The forum user who posted the leak released 89 GB of data that has allegedly been exfiltrated from the retailer earlier this year, and first released today.
The threat actor on the hacking forum has fully released all data, with a direct download link for anyone to access. The hacking forum post also contains a data sample that allegedly includes Connectivity Source employee data, as you can see below.
The data appeared on the hacking forum ‘Breached,’ and the samples include text files containing:
- Employee credentials
- Partial social security numbers (last 4 digits)
- Email addresses
In our analysis of the sample, the leak appears to only contain employee data, not customer data.
According to the Threat Actor who released the data, the breach occurred in April 2023, but was not leaked until earlier today, for unspecified reasons.
T-Mobile denies breach, points to third-party retailer
T-Mobile provided RestorePrivacy with a comment, clarifying that the breach appears to affect an independent T-Mobile retailer, rather than the large telecom firm itself.
There has not been a T-Mobile data breach. The data being referred to online is believed to be related to an independently owned authorized retailer from their incident earlier this year. T-Mobile employee data was not exposed.T-Mobile spokesperson
While this appears to be good news for T-Mobile, having not suffered yet another breach, it is nonetheless a large leak for Connectivity Source with 89 GB of internal data being shared online.
T-Mobile did not directly name Connectivity Source, but the user who posted the data in the hacking forum did in the post title, “(2023) T-Mobile | Connectivity Source”.
Past T-Mobile breaches
According to T-Mobile official data breach letter earlier this year, it was also breached in March 2023, just one month prior to the current alleged leak. Additionally, in another regulatory filing, T-Mobile also reported a breach in January of this year.
Last year, the NY Attorney General issued a consumer alert warning that users exposed in another T-Mobile breach were at risk for identity theft and fraud. The same would hold true for this current breach should it prove to be legitimate.
RestorePrivacy contacted T-Mobile to request a comment on the validity of the data sample and whether the company experienced a security incident around April of this year.
We received clarification the day after the story was published and updated the content and title to reflect this new info.