The Broadband Guide
SG
search advanced

Bug on T-Mobile website allowed hackers to access account info

2017-10-11 09:35 by
Tags: ,

 

Security researcher Karan Saini, founder of startup Secure7, discovered a security flaw in T-Mobile's website that could have allowed hackers to extract personal information of millions of customers by knowing or guessing that customer's phone number.

"T-Mobile has 76 million customers, and an attacker could have ran a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users," Saini said. "That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim," he added.

With access to illegal technology, criminals can also use a person's IMSI (International Mobile Subscriber Identity) to track their location or intercept calls, text messages, and metadata.

The bug was fixed on Friday after the company was approached by the security reporter. There's no evidence that the vulnerability has been exploited, or that it has been used for any malicious purpose.

Read more -here-

In related news, the T-Mobile customers' portal website/app seems to be experiencing ongoing issues since yesterday. 

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About