17 Jan 2012
TeaMp0isoN hackers have been busy again, breaking into the site of T-Mobile USA and posting log-in details of the firm's staff online, in likely retaliation for the network operator's support for the controversial SOPA legislation.
The hacktivist collective, which some believe was spun-off from the bigger hacking group Anonymous, once again chose Pastebin to post the details of more than 80 members of staff including names, email addresses, phone numbers and passwords.
The hackers are believed to have exploited SQL injection vulnerabilities in the site to obtain the details. While T-Mobile's support for SOPA is one obvious reason for the hack, TeaMp0isoN also seemed keen to point out the simple security flaws present yet again in a big-name site.
"Look at the passwords, epic fail," noted a message at the bottom of the Pastebin data dump.
"All the passwords are manually given to staff via an admin who uses the same set of passwords."
SQL injection is also one of the most common forms of web application vulnerability, despite being one of the easiest to fix. The most recent State of Software Security report from security vendor Veracode found that one-third of all applications analysed contained such a vulnerability.
John Stock, senior security consultant at vulnerability firm Outpost24, argued that T-Mobile lacked a basic understanding of current security threats.
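To show why SQL injection is described as easy to fix, here is an added illustration (not code from the article, from T-Mobile or from the attackers) of a staff lookup written two ways against a constructed in-memory SQLite table: once by concatenating user input into the query string, and once with a parameterised query, which is the standard fix. The table, column names and sample rows are invented for the example.

```python
import sqlite3

# Constructed sample data for the example; not real staff records.
STAFF = [
    ("alice", "alice@example.test", "s3cret"),
    ("bob", "bob@example.test", "hunter2"),
]


def build_db():
    """Create a throwaway in-memory database with a constructed staff table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (username TEXT, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?)", STAFF)
    return conn


def lookup_vulnerable(conn, username):
    """Builds the SQL by string concatenation, so the input is parsed as SQL.

    A value containing a quote can change the WHERE clause and return rows
    the caller never intended to expose.
    """
    sql = "SELECT username, email FROM staff WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Uses a bound parameter, so the input is only ever treated as a value.

    The same quote-containing input simply matches no username.
    """
    sql = "SELECT username, email FROM staff WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    conn = build_db()
    probe = "x' OR '1'='1"  # classic textbook input used only to contrast the two lookups
    print("concatenated:", lookup_vulnerable(conn, probe))  # returns every row
    print("parameterised:", lookup_safe(conn, probe))       # returns []
```

The fix is mechanical: every place user input reaches a query, pass it as a bound parameter rather than splicing it into the SQL text. Static analysis tools and code review can find the concatenation pattern directly, which is why reports such as Veracode's treat this class as readily preventable.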
"By now, companies should be aware of the risks posed to their IT systems by common vulnerabilities, such as SQL and XSS attacks," he added.
"Additionally, if companies are handing out passwords to staff they should be unique to each person, meaning that if one account is compromised, others aren't."
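The two password failings in the story, a shared set of admin-issued passwords and passwords readable in plaintext once the database was dumped, are both addressed by the same provisioning routine. The following is an added example (not code from the article or from any of the organisations named) that generates a distinct random password per account and stores only a salted PBKDF2 hash; the usernames and parameters are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
PBKDF2_ITERATIONS = 100_000  # assumed tuning value for the example


def generate_password(length=16):
    """Produce a unique random password; no account shares one from a list."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def hash_password(password):
    """Return 'salt$digest' in hex; only this record is stored, never the plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(stored, candidate):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def provision_accounts(usernames):
    """Issue one fresh password per user.

    Returns (records, initial_passwords): the records are what the database
    keeps; the plaintexts exist only long enough to be delivered to each user.
    """
    records, initial_passwords = {}, {}
    for user in usernames:
        pw = generate_password()
        initial_passwords[user] = pw
        records[user] = hash_password(pw)
    return records, initial_passwords


if __name__ == "__main__":
    # Constructed usernames for the example.
    records, plaintexts = provision_accounts(["editor1", "editor2", "editor3"])
    for user, record in records.items():
        print(user, record[:24] + "...", verify_password(record, plaintexts[user]))
```

Because every record carries its own salt, a leaked table does not reveal which accounts share a password, and compromising one account yields nothing usable against the others, which is exactly the property the quoted advice asks for.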
For its part, T-Mobile tweeted that the hack had only affected its newsroom pages and has now been fixed.
TeaMp0isoN first came on the radar in summer 2011 when it hacked an official BlackBerry blog and defaced it with a message warning Research In Motion not to assist the authorities in their attempts to capture London riot suspects.
Since then, the group helped launch Op Robin Hood, a campaign designed to hack credit card details from major banks and distribute the resulting funds to the "disenfranchised" 99 per cent of citizens and charities around the globe.
Meanwhile, opposition to SOPA is growing, with Wikipedia the latest web firm to come out against it. Many of these firms plan to take their sites offline in protest at the legislation on Wednesday.