• T-Mobile site bug made customer data available to anyone

    2 monthes ago - By SlashGear

    One of T-Mobile's websites left a tool exposed that let anyone look up personal account data on the carrier's customers, it has been revealed. Users only required the customer's phone number to retrieve the information, leaving many people vulnerable to data theft. The issue has since been fixed, but it's unclear how many customers may have been impacted by it....
    Read more ...

     

  • T-Mobile tool let literally anyone with your phone number find your full address

    T-Mobile tool let literally anyone with your phone number find your full address

    2 monthes ago - By TheBoyGeniusReport

    An unsecured T-Mobile tool potentially gave access to millions of customers' details to anyone with a URL and a phone number, according to ZDNet. The bug exposed an internal T-Mobile tool to anyone who knew where to look, the report says, needing just a phone number to expose the customer's full name, billing address, account number, and in some cases tax ID info.
    The flaw was exposed by a security researcher, Ryan Stephenson, who first reported the bug to T-Mobile's bug bounty program in return for $1,000. T-Mobile pulled the website soon after the bug was reported in early April.
    Read more ...

     

  • T-Mobile website security flaw let anyone view customer account info

    T-Mobile website security flaw let anyone view customer account info

    2 monthes ago - By TmoNews

    A couple of months after it was discovered that a vulnerability with the T-Mobile website allowed hackers to log into any customer's account, another vulnerability with T-Mo's site has been found. Security researcher Ryan Stevenson recently found that a T-Mobile subdomain would allow a person to access customer data just by entering their phone number. According to ZDNet , the subdomain was promotool.t-mobile.com and was primarily used by customer care, but it contained an API...
    Read more ...

     

  • An unsecured T-Mobile website made customer information available to anyone

    An unsecured T-Mobile website made customer information available to anyone

    2 monthes ago - By The Verge

    A T-Mobile web domain left millions of customers' account information - including their names, addresses, and sometimes tax identification numbers - unprotected for anyone to access. The website is designed as a customer care portal for employees, according to ZDNet , which first reported the security flaw, but it was available to find through search engines and required no password to access the tools.
    Adding a customer's phone number to the end of the web address yielded their full name, postal address, billing account number, and some account information, like whether they were past due...
    Read more ...

     

  • T-Mobile bug let anyone see any customer's account details

    T-Mobile bug let anyone see any customer's account details

    2 monthes ago - By ZDnet

    Exclusive: The exposed lookup tool let anyone run a customer's phone number - and obtain their home address and account PIN, used to contact phone support.
    Read more ...