T-Mobile Bug Exposed Customer Account Details
The personal account details of T-Mobile customers were easily accessible for an unknown time thanks to a bug in T-Mobile's web site. The site in question was a subdomain used by T-Mobile staff to access customer account information when performing customer service tasks. The subdomain, however, was not protected by a password and could be used by anyone who knew how to find it. Using T-Mobile customer phone numbers, anyone could have quickly discovered names, account numbers, addresses, tax information, account payment status, PINs, and more. Security researcher Ryan Stevenson discovered the vulnerability in April and alerted T-Mobile. T-Mobile pulled the API in question and fixed the bug. "The bug bounty program exists so that researchers can alert us to vulnerabilities, which is what happened here, and we support this type of responsible and coordinated disclosure," said T-Mobile in a statement provided to ZDNet. "The bug was patched as soon as possible and we have no evidence that any customer information was accessed." A similar bug was discovered on a different T-Mobile subdomain last year.
Apr 25, 2018
Google believes its Tasks mobile application for Android and iOS devices will help users manage and complete tasks more efficiently. The app lets people create tasks lists; view, edit, and manage tasks from any device; and control tasks created in Gmail, Google Calendar, or on the web from mobile devices.
Jun 21, 2018
Google today improved the design of its Google Account tool in order to make it easier for people to manage their account details, security, and privacy. The revised function provides summaries of personal information, devices with account access, payment methods, purchases, subscriptions, and contacts.
May 3, 2018
Twitter today suggested that users change their password. The company found a bug that exposed the passwords of some 330 million users and says people would do well to update their login.
May 22, 2018
Google today provided more information about business features baked into Android P. To start, Android P makes it easier for businesses to set up, manage, and keep separate work and personal profiles.
Nov 19, 2018
A bug in Instagram's Download Your Data tool left user passwords exposed. "If someone submitted their login information to use the Instagram 'Download Your Data' tool, they were able to see their password information in the URL of the page," said Instagram in a statement provided to The Verge.