T-Mobile’s website gave you access to a customer’s data as long as you had their phone number


T-Mobile’s website was sitting with a nasty bug out in the open, and it could have made it ridiculously easy for an attacker to compromise a customer’s data.

A little-known web API visible to the public would allow an attacker to input a T-Mobile customer’s phone number and get details such as email address, a customer’s T-Mobile account number, and the phone’s IMSI, a unique identifier number.

The vulnerability was reported to T-Mobile and patched up a little over a week ago, and the company maintains that no customer data was accessed through this method. Despite that, Motherboard reports that a BlackHat hacker actually revealed to them that the vulnerability was, in fact, discovered and used by some in the hacking scene, with the individual proving it by sending the reporter their own account details. There’s even a YouTube video showing the process, uploaded as far back as August 6th.

When pressed again, T-Mobile stood by their position that no customer data was accessed. Either way, the bug should be fixed now, so if anyone has any malicious ideas then they needn’t apply any longer.

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

You can now pick up Amazon’s updated Fire 10 HD tablet

Previous article

Huawei Mate 10 Pro render leaks in insanely high resolution, specs detailed

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *

More in News