1. Mobile

Bug on T-Mobile website allowed hackers to access account info

By

t-mobile black friday deals T-Mobile
Another day, another privacy issue. Until last week, a T-Mobile website allowed hackers to gain access to personal information like email addresses, T-Mobile account numbers, and more, using only the customer’s phone number. The story was first reported by Motherboard, which said that T-Mobile fixed the issue one day after Motherboard asked the company about it.

Discovered by security researcher Karan Saini, the flaw basically allowed hackers who knew or guessed your phone number to gain valuable information that could then be used in a social engineering attack or even to gain access to other personal information elsewhere online. That put 76 million T-Mobile customers in danger of having their data compromised.

Even more concerning is the fact that, according to Saini, it would have been pretty easy for an attacker to write a script that automatically retrieved all account details through this bug. As part of the bug, hackers could also access a user’s IMSI number, which is basically a unique identifying number for customers. Using that, hackers could do things like track a user’s location, intercept texts and calls, and more. On top of that, the number could theoretically be used to conduct fraud through taking advantage of the notoriously insecure SS7 network, which is a backbone communications standard.

T-Mobile, for its part, disputes some of the claims made by Saini. Instead of affecting all 76 million customers, T-Mobile says that the bug only affects a small portion of customers. The company also said that it fixed the bug within 24 hours of it being discovered and according to Saini, the company gave him $1,000 for being a part of the T-Mobile bug bounty program, which rewards people who find and report bugs and flaws.

The report comes at a time when it’s looking more and more like Sprint and T-Mobile will announce a merger in the next few weeks. It’s unlikely this report will have an affect on talks about the merger.

There does not seem to be any evidence that any malicious hackers knew about or exploited the bug, but that doesn’t mean it didn’t happen. Either way, we reached out to T-Mobile and will update this story if we hear back.

Editors' Recommendations

The best home security cameras for 2021

T-Mobile announces expanded 5G Home Internet access across southern U.S.

t mobile 5g home internet gateway

The best outdoor security cameras for 2021

The Google Nest Cam (battery) mounted to a wall.

How to block text messages on iOS and Android

how to block text messages

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

These Sony noise-canceling headphones are 48% OFF today

The Sony WH-CH710N headphones.

Walmart is virtually giving away this Acer Nitro gaming laptop right now

The Acer Nitro 5 is currently $250 off at Walmart

The best 5G phone deals available right now

Samsung Galaxy S20 FE

How to buy a refurbished Mac or MacBook computer

Apple iMac with Retina 5K Display review lifestyle back

What’s new on HBO and HBO Max, and what’s leaving in October 2021

The cast of Denis Villeneuve's Dune staring out over the desert.

Best cheap gaming laptop deals for September 2021

MSI GS75 Stealth

Everything we know about Kirby and the Forgotten Land

Kirby riding a star in Kirby and the Forgotten Lands.

Leaked Alder Lake benchmark shows 21% performance gain over AMD

Promotional image of an Intel Core processor.