T-Mobile reportedly confirms its systems were not compromised after a recent claim by a notorious hacker, IntelBroker, who said they were selling critical information and data from the telecommunications giant. T-Mobile is, however, investigating the matter.
IntelBroker stated that they were selling images, SQL files, certificates for t-mobile.com, silo programs, source code, and Terraform data in a recent post on a dark web forum.
They released pictures demonstrating admin-level access to a Confluence server and the developer Slack channels the organization runs, claiming that the intrusion occurred in June 2024.
An insider informed the publication that the screenshots were uploaded to the server of a third-party vendor and are outdated. The third party's name is known, but it will stay secret for now because other threat actors may target it.
IntelBroker Breaks Into Apple
IntelBroker remains a well-known hacker and continues to compromise companies across various industries. The threat actor also released several datasets purportedly from Apple, including the source code for several internal tools the iPhone manufacturer uses.
A dark web forum post by IntelBroker states that the source code for AppleMacroPlugin, AppleConnect-SSO, and Apple-HWE-Confluence-Advanced was exposed in June 2024 as a result of a data breach that occurred on Apple.com, most likely at their hands.
Although Apple-HWE-Confluence-Advanced and AppleMacroPlugin are less recognized, AppleConnect-SSO is an authentication method that permits staff members to access particular apps on the Apple network. The company's Directory Services database is integrated with the system, guaranteeing safe access to internal resources.
IntelBroker's Background
Notably, the same hacker is said to have recently hacked a Meta contractor, which exposed the data of 200,000 Facebook Marketplace users on a hacking site.
The stolen database allegedly held many pieces of personally identifiable information (PII), including names, phone numbers, email addresses, Facebook IDs, and profile details.
The hacked information allegedly made public on February 11 includes 24,127 email addresses among the other exposed data.
According to the threat actor, someone using the Discord username "algoatson" broke into the networks of a Meta contractor in October 2023 and stole this section of the Facebook Marketplace database.
Sources emphasize how crucial it was that IntelBroker hid the identity of the allegedly targeted contractor. Facebook claims that not all contractor businesses are in charge of managing Facebook Marketplace data. Rather, the company employs a combination of external partnerships and internal teams, depending on the specific data aspect.
Other hacks, such as the December 2023 disclosure of sensitive US Department of Defense material, are also attributed to IntelBroker. The General Electric security breach that led to the November 2023 auction of DARPA-related network access is one of the previous breaches that IntelBroker has exploited. The threat actor was also involved in a Grocery Service hack in February 2023, compromising 1.1 million accounts.