Hackers are claiming they have plundered T-Mobile computer systems of sensitive company and customer information and are planning to sell it.
The intruders allegedly stole "everything, [including T-Mobile's] databases, confidential documents, scripts and programs from their servers, [and] financial documents up to 2009," according to a note they posted Saturday on the Full Disclosure mailing list.
The anonymous authors of the note left a contact email address, but a message sent to that account by SCMagazineUS.com received an error return message on Monday.
The letter included claims that the hackers are trying to sell the stolen goods to the highest bidder.
"We already contacted with their competitors and they didn't show interest in buying their data -- probably because the mails got to the wrong people -- so now we are offering them to the highest bidder," the post said. "Please, only serious offers. Don't waste our time."
In addition, the letter includes about 10 pages of what appears to be files allegedly stolen from T-Mobile.
A T-Mobile spokeswoman told SCMagazineUS.com on Monday that she could not provide any information about the incident, but the company was looking into it.
Paul Davie, founder of database security firm Secerno, said that if the story is true, the hackers likely pilfered the data in one of two ways: Either they installed data-sniffing malware to capture data as it traversed the network or they somehow exceeded their access rights -- possibly with the help of an insider -- to access the database and dump its stored contents.
But Davie doubts the crooks were able to get away with as much as they claim.
"If [T-Mobile] thought this was a hoax, they'd say that immediately and they haven't yet, which makes me suspect these guys have a small amount of data," he told SCMagazineUS.com on Monday. "But I'd be very surprised if they have all that they're claiming."
Gordon "Fyodor" Lyon, who runs the mailing list, told SCMagazineUS.com on Monday that one should take all posts with a "grain of salt."
"There have been many instances where actual 0-day vulnerabilities and private documents have been posted there, but also many hoaxes too," he said.
In particular, he highlighted a post in 2007 that claimed to contain the conclusion of "Harry Potter and the Deathly Hallows" days before it was released. That post turned out to be false.