T-Mobile recently addressed reports of stolen data being offered for sale by a threat actor, stating that their systems were not compromised. The nation’s second-largest wireless provider clarified that they are actively investigating an issue at a third-party service provider and have no evidence of customer data or source code being included in the breach.

The threat actor, known as IntelBroker and linked to previous data breaches, claims responsibility for a recent attack on T-Mobile resulting in stolen source code. To validate the legitimacy of the data obtained, IntelBroker shared screenshots showing access to a Confluence server and internal Slack channels for developers.

It is suspected that the breach may have exploited the Common Vulnerabilities and Exposures (CVE) listing CVE-2024-1597, which affects Confluence Data Center and Server with a high severity score. However, it remains unclear if this vulnerability was used to breach the third-party vendor involved.

According to IntelBroker, the data for sale includes source code, SQL files, images, Terraform data, T-Mobile.com certifications, and Siloprograms. Reports suggest that this information consists of older screenshots of T-Mobile‘s infrastructure stored on a third-party vendor’s servers before being stolen.

As investigations continue into this incident, T-Mobile reassures customers that their systems remain secure and unaffected by any potential breaches. Stay tuned for further updates as more information becomes available.