Paris Hilton hacked thanks to old school scamming

Summary: 'This is T-Mobile headquarters... honestly...'

One of the now notorious Paris Hilton hacker gang - who lifted pictures and celebrities' numbers from the 'heirhead''s T-Mobile Sidekick phone - has revealed he's no technical genius, just a dab hand at old-fashioned offline scamming.

According to an interview with the unnamed teenager by the Washington Post, the gang found a security flaw in T-Mobile's password reset mechanism which allowed them to shut out Sidekick users from their own accounts.

After annoying their T-Mobile-using friends for a while, the gang decided to take on a more well-known face.

However, all this technical hacking expertise was no use while the gang still lacked a celebrity's phone number. At this point, the gang took their hacking offline and moved on to social engineering.

One of the hackers called a T-Mobile store, claiming to be a superior from T-Mobile's headquarters in Washington following up on reports of problems with customer accounts.

The T-Mobile employee in question volunteered the website address where all customers' account details can be found, as well as the user name and password needed to access the information.

Once inside the protected area, the hackers were able to get access to a number of stars' accounts and used the information to harass Matrix actor Laurence Fishburne before releasing the contents of Hilton's Sidekick onto the internet.

The investigation into the hack is still ongoing.

About

Jo Best has been covering IT for the best part of a decade for publications including silicon.com, Guardian Government Computing and ZDNet in both London and Sydney.