IntelBroker Leaks T-Mobile’s Sensitive Data in Massive Breach

Overview

In June 2024, T-Mobile, one of the largest telecommunications companies in the US, experienced a significant data breach. A cybercriminal, operating under the alias "IntelBroker," posted on a well-known breach forum, offering T-Mobile's internal data for sale. This breach included source code, SQL files, images, Terraform data, certifications, and more, showcasing the extensive compromise of T-Mobile's infrastructure.

Breach Details

• Date of Breach: June 2024
• Threat Actor: IntelBroker, a moderator on the breach forums with a significant reputation.
• Data Compromised:
  • Source code
  • SQL files
  • Images
  • Terraform data
  • T-Mobile.com certifications
  • Sliiopograms (unclear data type, potentially typo or specific internal terminology)

Threat Actor Profile

• Alias: IntelBroker
• Forum Role: Moderator on BreachForums.
• Reputation: High, with a reputation score of 3,531 and 797 posts since joining in June 2023.
• Activity: Known for selling high-value access and information on cybercrime forums.

IntelBroker is a prominent and notorious hacker known for their involvement in high-profile data breaches and cyberattacks. Operating as a moderator on BreachForums, IntelBroker has established a reputation for targeting sensitive and critical infrastructure, often involving government agencies and major corporations.

Notable Activities

• Europol Breach: IntelBroker recently claimed responsibility for breaching Europol's Platform for Experts (EPE), compromising sensitive data about ongoing investigations and internal procedures​ (SOCRadar® Cyber Intelligence Inc.)​​ (CPO Magazine)​.
• DC Health Link Breach: In March 2023, IntelBroker leaked personal data of approximately 170,000 individuals, including U.S. House members and their families, by breaching the DC Health Link insurance provider​ (Vulert)​​ (CPO Magazine)​.
• General Electric: In late 2023, IntelBroker claimed to have stolen classified information from General Electric, although the full extent of this breach remains unclear​ (Hackread)​.
• Zscaler Incident: In May 2024, IntelBroker alleged a breach of Zscaler, a prominent cloud security firm. Zscaler has disputed these claims, stating that no sensitive data was compromised​ (Hackread)​.
• Facebook Marketplace Leak: IntelBroker leaked a partial database of Facebook Marketplace, compromising around 200,000 entries with sensitive user data. This incident highlighted vulnerabilities in the contractor managing Facebook’s cloud services​ (Digital Watch Observatory)​.

Modus Operandi

IntelBroker typically sells access to compromised systems and data on BreachForums, requiring potential buyers to prove their reputation and use cryptocurrency for transactions. This hacker often utilizes escrow services to facilitate deals, enhancing trustworthiness within the cybercriminal community​ (Hackread)​.

Reputation and Influence

IntelBroker's position as a moderator on BreachForums underscores their influence and trust within this underground community. Their activities have significantly contributed to the site's notoriety and its eventual takedown by law enforcement​ (SOCRadar® Cyber Intelligence Inc.)​​ (CPO Magazine)​.

Impact Analysis

• Potential Risks:
  • Intellectual Property Theft: The breach of source code can lead to competitive disadvantages and the creation of exploits targeting T-Mobile systems.
  • Operational Disruption: Access to internal data and administrative functions could allow for further disruption of T-Mobile’s services.
  • Customer Data Exposure: While not explicitly stated, there is a risk that customer data could also be part of the breach, leading to privacy concerns and potential regulatory penalties.
  • Reputation Damage: The public nature of the breach and sale of data can significantly harm T-Mobile’s reputation, affecting customer trust and stock value.