Lapsus$ hackers breached T-Mobile’s systems and stole its source code

Illustration by Alex Castro / The Verge

The source code of T-Mobile was stolen by the Lapsus$ hacking group in a series of hacks in March. T-Mobile said in a statement that the systems accessed contained no customer or government information.

The Lapsus$ hacking group discussed targeting T-Mobile in the week prior to the arrest of seven of its teenage members, according to private messages obtained by Krebs. After purchasing employees credentials online, the members could use the company's internal tools to perform sim swaps. This type of attack involves hijacking a target's mobile phone by transferring its number to a device owned by the attacker. The attacker can get calls and texts from that person's phone number.

The FBI and the Department of Defense were also targeted by Lapsus$ hackers, according to messages posted by Krebs. Additional verification measures were required to be able to do so.

T-Mobile said in an email that it detected a bad actor using stolen credentials to access internal systems.

Over the years, T-Mobile has been the target of attacks. Past incidents did affect customers' data, even though this particular hack didn't affect them. The personal information of over 47 million customers was exposed in August of 2016 and another attack just months later compromised a small number of customer accounts.

Lapsus$ is a hacking group that primarily targets the source code of large technology companies, like Microsoft and Nvidia. The group, which is led by a teenage mastermind, has also targeted Okta and Apple Health.