T-Mobile is investigating how internal data was stolen from the mobile network's servers.
A message about T-Mobile was posted to the Full Disclosure mailing list last week by people who claimed they'd unsuccessfully tried to sell the data to T-Mobile's competitors.
They said they'd pitched the information to the wrong email addresses, but were now willing to sell the data to anyone. Full Disclosure describes itself as an unmoderated forum where people can post information on security vulnerabilities.
"We have everything - their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009," the message said. "We are offering them for the highest bidder."
The hackers then included a raft of data that showed information on operating system versions, applications and IP addresses allegedly collected from T-Mobile's systems. The strings of information listed vendors such as Tibco Software, SAP, Centivia and Teradata whose software T-Mobile supposedly uses.
T-Mobile confirmed the information posted on the website had been stolen from its servers.
"Regarding the recent claim on a website, we've identified the document from which information was copied and believe possession of this alone is not enough to cause harm to our customers," the company said.
"If these guys have personally identifiable information, then they would have exposed enough of that to give credibility to the story, because it's going to massively increase the value of what they're going to sell," added Paul Davie, founder of data security specialist Secerno. "So I suspect that they don't have that kind of thing."
Take part in PC Advisor's Broadband Survey 2009
See all mobile phone reviews
See also: T-Mobile G1 follow-up coming this summer