1. Mobile

Bug on T-Mobile website allowed hackers to access account info

By

t-mobile black friday deals T-Mobile
Another day, another privacy issue. Until last week, a T-Mobile website allowed hackers to gain access to personal information like email addresses, T-Mobile account numbers, and more, using only the customer’s phone number. The story was first reported by Motherboard, which said that T-Mobile fixed the issue one day after Motherboard asked the company about it.

Discovered by security researcher Karan Saini, the flaw basically allowed hackers who knew or guessed your phone number to gain valuable information that could then be used in a social engineering attack or even to gain access to other personal information elsewhere online. That put 76 million T-Mobile customers in danger of having their data compromised.

Even more concerning is the fact that, according to Saini, it would have been pretty easy for an attacker to write a script that automatically retrieved all account details through this bug. As part of the bug, hackers could also access a user’s IMSI number, which is basically a unique identifying number for customers. Using that, hackers could do things like track a user’s location, intercept texts and calls, and more. On top of that, the number could theoretically be used to conduct fraud through taking advantage of the notoriously insecure SS7 network, which is a backbone communications standard.

T-Mobile, for its part, disputes some of the claims made by Saini. Instead of affecting all 76 million customers, T-Mobile says that the bug only affects a small portion of customers. The company also said that it fixed the bug within 24 hours of it being discovered and according to Saini, the company gave him $1,000 for being a part of the T-Mobile bug bounty program, which rewards people who find and report bugs and flaws.

The report comes at a time when it’s looking more and more like Sprint and T-Mobile will announce a merger in the next few weeks. It’s unlikely this report will have an affect on talks about the merger.

There does not seem to be any evidence that any malicious hackers knew about or exploited the bug, but that doesn’t mean it didn’t happen. Either way, we reached out to T-Mobile and will update this story if we hear back.

Editors' Recommendations

How to get Microsoft Office for free

How to get Microsoft Office for free

How to protect your smartphone from hackers and intruders

Can cops and hackers track your phone

What is Wi-Fi Direct? Here’s everything you need to know

carnegie mellon help speech project female smartphone generic getty

What is packet loss, and how do you fix it?

resetplug wifi router

Need to work from the road? Here are the 5 best laptops with LTE

Lenovo ThinkPad X1 Carbon (2018) review

What does Samsung’s adaptive refresh rate do? Smartphone refresh rates explained

oneplus 7t review screen

LastPass vs. 1Password

florida court phone passwords android lock screen password

Common Skype problems and how to fix them

best mac apps for small business skype

Follow these 5 simple tips for a healthier relationship with technology

coronavirus crisis not ready for an online first world analysis zoom conference lifestyle image

The best FaceTime alternatives for Android

Video calling

Samsung Galaxy S21 vs. iPhone 12: Can Samsung take a bite of Apple?

Samsung Galaxy S21

These are the best cheap Samsung Galaxy Note 20 deals for January 2021

samsung galaxy note 20 ultra hands on features price photos release date and screens

The best Apple iPhone deals for January 2021

best iphone deals 2019