These guys deal in fear. Disclosure costs a company gazillions in lost customer confidence and bad publicity. If I were to run a job like that I'd buy myself some good quality inside files from a techie in ops, which is a cheap investment. Mostly beer and some threats to relatives - job done.

At that point you have data to make it credible you have somehow managed to hack into the core, and after that it's balancing publicity, security and so haggling.

Cheap, high return on investment, and no real need to be 'l33t' hackorz.

Most companies don't manage systems tight enough to disprove your claim, so they would either have to won up to that or pay.

And here endeth today's lesson about thinking like a criminal.

know of any way to be sure that your data isn't included in this?

I've been putting off cancelling t-mobile purely because of the hassle involved, this seems a good a reason as any to do it.

I find it amazing that this is the first I've heard of this, and I'm a T-Mobile customer. I wonder if this was the stolen database that required my credit card to be replaced.

Door. Horse. Bolted.