WiredNews explains how last year Nicolas Jacobsen, 22 breached T-Mobile’s server. The exploit called WebLogic first discovered in 2003 which allows an attacker to remotely read or replace any file on a system by feeding it a special web request. With the knowledge of the exploitation Jacobsen went on to find servers that have not been patched. He hit the jackpot when he got into T-Mobile’s server and accessed Paris Hilton’s account along with other celebrity notables including Ashton Kutcher, Demi Moore, and Nicole Richie. The hacker had access to T-Mobile customer passwords, Social Security numbers, dates-of-birth and other information, which he offered to make available to fraudsters.
T-Mobile has started to notify 400 customers about the possibility of their data being leaked, but it seems very probably that many more have been breached. T-Mobile has since patched the vulnerability.