Bug on T-Mobile website allowed hackers to access account info

Security researcher Karan Saini, founder of startup Secure7, discovered a security flaw in T-Mobile's website that could have allowed hackers to extract personal information of millions of customers by knowing or guessing that customer's phone number.

"T-Mobile has 76 million customers, and an attacker could have ran a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users," Saini said. "That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim," he added.

With access to illegal technology, criminals can also use a person's IMSI (International Mobile Subscriber Identity) to track their location or intercept calls, text messages, and metadata.

The bug was fixed on Friday after the company was approached by the security reporter. There's no evidence that the vulnerability has been exploited, or that it has been used for any malicious purpose.

Read more -here-

In related news, the T-Mobile customers' portal website/app seems to be experiencing ongoing issues since yesterday. 

• Waymo partners with Toyota to bring robotaxis to everyone
• Meta launches standalone AI app rivaling OpenAI's ChatGPT
• US FCC to review spectrum sharing rules to boost space-based telecom
• Google is dropping support for its oldest Nest Learning Thermostats
• Razer has a vertical mouse now
• Amazon’s Starlink competitor runs into production delays