T-Mobile website bug reportedly exposed private customer account details

Due to a bug in T-Mobile’s website back in April, customers’ account information was left accessible for anyone to see, ZDNet reports. While the security flaw has since been fixed, personal information could potentially have been misused by anyone who knew where to look.

The subdomain, promotool.t-mobile.com, is a customer care portal that employees use to access internal tools. But the bug meant it could be easily found through search engines, and the tools did not require a password to access.

The flaw was due to a hidden API that returned T-Mobile customer data when a customer’s cell phone number was added to the end of the web address. This data included a customer’s billing account number, postal address, and account information, such as the status of their bills, including whether service for an account was suspended or a bill was past due. For some, customer account PINs and tax ID numbers were also accessible.
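The control missing from the lookup described above is an identity check tied to the specific record being requested. The sketch below is an added example, not T-Mobile's code: the record fields follow the article, while the `Caller` roles, the function names and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample records keyed by phone number; not real customer data.
ACCOUNTS = {
    "5550100001": {"billing_account": "BA-0001", "address": "1 Example St",
                   "bill_status": "past_due", "pin": "0000", "tax_id": "000-00-0001"},
    "5550100002": {"billing_account": "BA-0002", "address": "2 Example St",
                   "bill_status": "current", "pin": "1111", "tax_id": "000-00-0002"},
}
NEVER_RETURNED = {"pin", "tax_id"}  # secrets no lookup response should carry


class Denied(Exception):
    """Single refusal type, so responses do not reveal which numbers exist."""


@dataclass(frozen=True)
class Caller:
    """Identity established by a login layer (hypothetical, assumed to exist)."""
    user_id: str
    role: str                      # "care_agent" or "customer"
    msisdn: Optional[str] = None   # a customer's own number; None for staff


def lookup_unprotected(msisdn):
    """The pattern the article describes: number in, full record out."""
    return ACCOUNTS.get(msisdn)


def lookup_authorized(caller, msisdn, audit_log):
    """Require an identity, check it against the requested record, log, minimise."""
    who = caller.user_id if caller else "anonymous"
    allowed = caller is not None and (
        caller.role == "care_agent"
        or (caller.role == "customer" and caller.msisdn == msisdn)
    )
    audit_log.append((who, msisdn, allowed))   # every attempt is recorded
    record = ACCOUNTS.get(msisdn) if allowed else None
    if record is None:
        raise Denied("not authorized")
    return {k: v for k, v in record.items() if k not in NEVER_RETURNED}
```

The audit log is what lets an operator answer the question the article leaves open, namely whether anyone actually pulled records while the endpoint was exposed.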

The API was pulled by T-Mobile a day after it was reported by security researcher Ryan Stevenson, who was later awarded a $1,000 bug bounty. While it’s not clear how long the API was exposed, a spokesperson for T-Mobile told ZDNet that there’s no evidence any customer information was accessed.

This isn’t the first time an issue like this has happened to T-Mobile. In October, a security flaw allowed hackers to gain access to similar information through a T-Mobile website. Hackers were able to obtain email addresses, account numbers, and more, simply by using the customer’s phone number.

The flaw was discovered by security researcher Karan Saini. It allowed hackers to gain information that could then be used in a social engineering attack, and it also provided access to other personal information online. T-Mobile claimed the bug only affected a small number of customers and that it was fixed within 24 hours of being discovered.

News of the most recent flaw comes a little less than a month after the merger of T-Mobile and Sprint was announced, which was also in April. While both carriers agreed on combining companies, we have yet to see whether the U.S. Justice Department will approve it.

Brenda Stolyar
Former Digital Trends Contributor