Home › News ›

T-Mobile Bug Exposed Customer Account Details

Article Comments

May 25, 2018, 9:57 AM by Eric M. Zeman

The personal account details of T-Mobile customers were easily accessible for an unknown time thanks to a bug in T-Mobile's web site. The site in question was a subdomain used by T-Mobile staff to access customer account information when performing customer service tasks. The subdomain, however, was not protected by a password and could be used by anyone who knew how to find it. Using T-Mobile customer phone numbers, anyone could have quickly discovered names, account numbers, addresses, tax information, account payment status, PINs, and more. Security researcher Ryan Stevenson discovered the vulnerability in April and alerted T-Mobile. T-Mobile pulled the API in question and fixed the bug. "The bug bounty program exists so that researchers can alert us to vulnerabilities, which is what happened here, and we support this type of responsible and coordinated disclosure," said T-Mobile in a statement provided to ZDNet. "The bug was patched as soon as possible and we have no evidence that any customer information was accessed." A similar bug was discovered on a different T-Mobile subdomain last year.

Related

Google Brings Calendar App to WearOS

Oct 12, 2023
Google has finally released a proper Google Calendar app for its WearOS smartwatch platform. The app brings a detailed view of your upcoming events and tasks.

Google Announces New Security, Privacy Features for Android

May 18, 2021
Google today revealed several new security and privacy features across its platforms, including Android. A new Locked Folder protects selected photos and videos with an additional layer of security.

OnePlus' First Foldable Aims High

Oct 19, 2023
OnePlus has launched the OnePlus Open, its first foldable phone. The flagship-class phone has top-end specs, going head-to-head with the Samsung Galaxy Z Fold5 and Google Pixel Fold in both design and features.

New Senate Bill Would Reshape App Stores

Aug 12, 2021
A bipartisan group of three US Senators has introduced new legislation that would place major new rules on the app stores run by Apple and Google. The Open App Markets Act would: Ensure users could access third-party app stores and make them the default.

T-Mobile Details Customer Data Breach

Aug 18, 2021
T-Mobile today revealed the full extent of the recent theft of sensitive consumer data from its internal systems. The breach affects over 40 million people across three groups: people who applied for credit with the company (whether they became a customer or not), a fraction of its current postpaid customers (7.8 million), and 850,000 prepaid customers under the T-Mobile brand.

more news about:

Comments

This forum is closed.

This forum is closed.

No messages

Page 1 of 1