Now that T-Mobile has acquired Sprint, the company obviously wants Sprint’s customers to officially move over to T-Mobile. As such, it is offering Sprint customers free SIM cards when they log into their accounts as a way to entice them to make the switch, but it seems that in the process, it might have left the ordering system open to abuse.
According to chats over on the unofficial T-Mobile Discord server, one user discovered a flaw that allowed them to place multiple orders back-to-back. It initially only allowed one order at a time, but the user eventually discovered a method that allowed them to increase the number of orders to 6.
With free overnight shipping on top of that, the user decided to find out how many SIM cards they could order and went at it non-stop until they were locked out of their account. What’s interesting about this is that when they spoke to a customer rep, they were told they weren’t in any trouble. The only reason for the suspension was that the system had thought it was a bot placing orders due to the quantity and speed.
According to the user, they were told by the rep that they did not need to return the SIM cards and that if they wanted to, they could keep placing orders:
“He said I don’t need to return the SIM cards, and I may still order more if I wish once my account is restored, but in his personal opinion this is the strangest situation he’s ever seen. I’m not going to [continue ordering] because it’s a major inconvenience to lose access to my online account for a week at a time.”
We’re not sure what the goal was here, maybe just to see how many they could get away with, but the user has since stated that the inconvenience of being suspended was enough to dissuade them from continuing.
Source: The T-Mo Report