Popular data leaker IntelBroker is selling a database that allegedly belongs to telecommunications giant T-Mobile, but the company has denied this is the case.
In a new post published on a dark web forum, IntelBroker said they were selling “Source Code, SQL Files, Images, Terraform Data, t-mobile.com Certifications, Silo Programs.”
They said the breach occurred in June 2024 and shared screenshots of administrative access to a Confluence server, as well as screenshots of the company’s Slack channels for developers.
Old screenshots
We don’t know how big the database is, or how much money the threat actor is asking for. However, T-Mobile claims that the infrastructure is intact and is currently investigating the matter further.
“T-Mobile’s systems have not been compromised. We are actively investigating a claim of an issue with a third-party service provider,” T-Mobile shared in a statement. BleepingComputer. “We have no indication that T-Mobile customer data or source code was attached and can confirm that the bad guy’s claim that T-Mobile’s infrastructure was accessed is false.”
A source told the publication that the screenshots are old and were placed on a third-party vendor’s server. The name of the third party is known, but will remain hidden for the time being given the risk of other threat actors targeting him.
IntelBroker has made quite a name for itself by posting data from many high-profile organizations on the dark web. Recently, the same threat actor offered AMD’s files for sale: “In June 2024, AMD, a major computer company, suffered a data breach. Compromised data: future AMD products, spec sheets, employee databases, customer databases, proprietary files, ROMs, source code, firmware and finance,” the threat actor said in the post.
Other organizations affected by the same attacker include HPE, General Electric, Home Depot, Facebook Marketplace, and many others.