T-Mobile has finally issued a response to the Paris Hilton Sidekick hacking.
Engadget: T-Mobile is investigating the reported disclosure of Paris Hilton’s information.
T-Mobile’s computer forensics and security team is actively investigating to determine how Ms. Hilton’s information was obtained. This includes the possibility that someone had access to one of Ms. Hilton’s devices and/or knew her account password.
Given the sensitivity of the situation, and to protect our customers’ information, we are not able to provide specific details of the investigation at this point.
Most reports have the Secret Service and FBI investigating this case. Many websites initially hosting the address book, pictures and other material have been shut down. One such site, GorillaMast.net has posted this message on their site:
UPDATE (2/20): Being one of the first sites to host this information, I was contacted earlier tonight by the Secret Service agent in charge of the T-Mobile Hack / Identity Theft case. As a result of our lengthy phone conversation, along with the strange urge I have to keep my site and my personal assets, I will no longer be hosting any of the Hilton-related files on this server.
T-Mobile’s declaration that it intends to conduct its own investigation into the hack seems to be merely cosmetic. There’s little reason to believe the company can do a better job than the FBI or Secret Service, given the fact that we assume T-Mobile would be granting those agencies full access to the information needed to solve the crime. If T-Mobile didn’t have the defensive capabilities to keep this sort of thing from happening in the first place, it’s unlikely they have the investigative capabilities to outdo the feds. T-Mobile is most likely trying to grandstand for its customer base, desperate to let everyone know how seriously it takes security and privacy issues in an attempt to protect its market share.
Some screen shots that we obtained from the hacking contain the HTTP Header timestamp of “Sun, 20 Feb 2005 03:26:13 GMT”. The page also showed the full Session ID that was stored in a cookie. This type of information could probably help the investigation as whoever took these shot obviously had access to the compromised account. The screenshots also show Paris Hilton’s profile page, which appears to show her password length as only 6 characters long (though it may show 6 characters for all passwords in that screen).
Paris has done advertising for T-Mobile in the past. The future of that relationship looks grim.
Eric Anderson at 10:09 pm
Ouch! And to think I actually use a phone by T Mobile!
Not good news, I’m afraid…
Comment by Absaraka — February 22, 2005 @ 6:24 am
This is looking more and more like a hoax. I’m covering it in my blog after a chat with the FBI. AND FYI Gorillamask.net
still has the pics
Exactly what sites have been shut down? And by whom?
Comment by John C. Dvorak — February 22, 2005 @ 3:17 pm