Finally, after further investigation, Telfort found that a phony app using the Telfort name, was responsible for the security breach. Published in the Windows Phone Store, Telfort was able to get the app booted from the Store. The phony app used the real Telfort logo and asked users for their name and login information so that they could check their account.
Let this be a lesson to all to guard against giving out too much information online. Your information can fall into the wrong hands and an app can be bogus even you downloaded it straight from the Windows Phone Store, Google Play Store, Apple App Store or BlackBerry World. The hard part is distinguishing official apps from counterfeits. But then again, that is what the bad guys are counting on. Telfort is considering legal action against the creator of the bogus app.
source: deGelderlander (translated), KPN (translated) via ZDNet, WPCentral