A Web server hosting part of T-Mobile’s official website has apparently been compromised by TeaMp0isoN, a hacker collective associated with Anonymous, and some of the information hosted on it was stolen and made public on Pastebin.com on Saturday.
The revealed information consists of names, email addresses, phone numbers and passwords of some 80 employees, including its media relations team, and judging by the date of the document containing the data, the information seems to have been stolen last October.
The Pastebin post does not reveal the reason behind the leak, but does point out the fact that most included passwords are laughable.
“Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords,” the group pointed out in the post.
But revealing poor security practices was only part of the reason for the leak. Contacted by Eduard Kovacs, they shared that they attacked the company’s server because T-Mobile is known for supporting the “Big Brother Patriot Act” law.
The company has yet to confirm this incident, but the fact that media contact page hosted on the server is currently offline might give credence to the group’s claims.