Popular data leaker IntelBroker is selling a database allegedly belonging to the telecommunications giant T-Mobile, but the company has denied this is the case.
In a new post published on a dark web forum, IntelBroker said they were selling “Source code, SQL files, Images, Terraform data, t-mobile.com certifications, Siloprograms.”
They said the breach happened in June 2024, and shared screenshots showing access with admin privileges to a Confluence server, as well as screenshots depicting the company’s Slack channels for developers.
Old screenshots
We don’t know how big the database is, or how much money the threat actor is asking for. However, T-Mobile claims its infrastructure is intact, and is currently investigating the matter further.
“T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider,” T-Mobile shared in a statement to BleepingComputer. “We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor’s claim that T-Mobile’s infrastructure was accessed is false.”
A source told the publication that the screenshots are old, and were posted to a third-party vendor’s server. The name of the third party is known, but given the risk of other threat actors targeting it, will remain hidden for now.
IntelBroker has made quite a name for themselves, posting data belonging to many high-profile organizations on the dark web. Recently, the same threat actor offered AMD’s files for sale: “In June 2024, AMD, a large computing company suffered a data breach. Compromised data: Future AMD products, Spec sheets, employee databases, customer databases, property files, ROMs, source code, firmware and finances,” the threat actor said in the post.
Other organizations hit by the same attacker include HPE, General Electric, Home Depot, Facebook Marketplace, and many others.