T-Mobile hacker gets celeb snaps and Social Security numbers

Wireless carrier T-Mobile acknowledges that an online attacker gained access to its network but denies reports that the criminal had the run of its network or broadly threatened its customers' privacy.

The mobile phone provider said that it discovered the breach in late 2003 and immediately took steps to lock out the intruder. A subsequent investigation found that the unidentified person had accessed the name and Social Security numbers of 400 T-Mobile customers. The customers were notified in writing of the incident, the company said.

"We immediately notified the United States Secret Service and asked it to investigate this incident and to find the hacker," T-Mobile said in the statement.

The incident, first reported by online security information site SecurityFocus, came to light after 21-year-old Nicolas Jacobsen was charged with the crime. A grand jury indictment charges Jacobsen with two counts of violating the US Computer Fraud and Abuse Act, but does not name the victim.

However, T-Mobile's statement leaves questions. While the mobile phone service claimed to have locked out the intruder in late 2003, the indictment states that the network trespass for which Jacobsen is being charged happened between 15 March 2004, and 26 October, 2004.

The SecurityFocus report also points to several pictures that have appeared on the internet, which apparently were stolen from the accounts of celebrities.

T-Mobile did not immediately comment on the discrepancies, but in its statement it hinted that its network may have fallen prey to the same hacker.

"This same person is also believed to be involved in other attempts to gain unauthorised access to customer information," the company said. "The Secret Service is investigating these allegations, and T-Mobile is cooperating to the fullest extent, including with regard to the allegations that customer photos have been subject to unauthorised access."

Robert Lemos writes for CNET News.com