Skip to main content

Bug on T-Mobile website allowed hackers to access account info

Another day, another privacy issue. Until last week, a T-Mobile website allowed hackers to gain access to personal information like email addresses, T-Mobile account numbers, and more, using only the customer’s phone number. The story was first reported by Motherboard, which said that T-Mobile fixed the issue one day after Motherboard asked the company about it.

Discovered by security researcher Karan Saini, the flaw basically allowed hackers who knew or guessed your phone number to gain valuable information that could then be used in a social engineering attack or even to gain access to other personal information elsewhere online. That put 76 million T-Mobile customers in danger of having their data compromised.

Recommended Videos

Even more concerning is the fact that, according to Saini, it would have been pretty easy for an attacker to write a script that automatically retrieved all account details through this bug. As part of the bug, hackers could also access a user’s IMSI number, which is basically a unique identifying number for customers. Using that, hackers could do things like track a user’s location, intercept texts and calls, and more. On top of that, the number could theoretically be used to conduct fraud through taking advantage of the notoriously insecure SS7 network, which is a backbone communications standard.

T-Mobile, for its part, disputes some of the claims made by Saini. Instead of affecting all 76 million customers, T-Mobile says that the bug only affects a small portion of customers. The company also said that it fixed the bug within 24 hours of it being discovered and according to Saini, the company gave him $1,000 for being a part of the T-Mobile bug bounty program, which rewards people who find and report bugs and flaws.

The report comes at a time when it’s looking more and more like Sprint and T-Mobile will announce a merger in the next few weeks. It’s unlikely this report will have an affect on talks about the merger.

There does not seem to be any evidence that any malicious hackers knew about or exploited the bug, but that doesn’t mean it didn’t happen. Either way, we reached out to T-Mobile and will update this story if we hear back.

Christian de Looper
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…
Like T-Mobile? You can pay your phone bill by playing games
T-Mobile REVVL 7 PRO 5G back.

How much time do you spend playing mobile games on your phone? A lot of people use them to pass the time, but Metro by T-Mobile customers could double down and work toward paying off their monthly bill. The carrier has partnered with the Ad It Up app to let users earn points by shopping, playing games, and answering surveys. All those points can be placed toward your next month's bill.

This only works for a few specific carriers, including Cricket and T-Mobile. Anyone can download the app, but will receive an alert that their carrier isn't supported if it's any besides these. The available games include Coin Master, Traffic Puzzle, and Cube Master, but there are others to choose from if none of those fit your tastes. For example, you can play the wildly popular 2048 puzzle game to earn points.

Read more
T-Mobile satellite-to-phone service opens for all, and free until July
Showcase of T-Mobile Starlink service on an iPhone.

Two years ago, T-Mobile inked a deal with SpaceX to enable network connectivity via the Starlink constellation of satellites. Late in 2024, the carrier opened registrations for beta testing its direct-to-cell satellite service. Today, the company aired a Super Bowl ad and announced that the beta testing is now open to everyone.

The coolest part is that T-Mobile will offer free access for all registrations until July. Once the beta freebie is phased out, the service will be bundled at no extra cost for subscribers on the Go5G Next plan covering individual and business customers.

Read more
T-Mobile crushed its rivals in this important test
A person playing a game on the Asus ROG Phone 9 Pro.

In the U.S., the top carriers don't offer the same network performance. One carrier has significantly outperformed the others over the past six months, according to data collected in network and connectivity expert Ookla's latest "Speedtest Connectivity Report." The report, which covers data collected between July and December 2024, found that T-Mobile, the third-largest carrier in the U.S., has emerged as the clear leader in overall performance. The differences are striking.

Ookla reports that T-Mobile provides media download speeds 120% faster than its closest competitor, AT&T. Verizon, the largest carrier by subscriber count, ranked third. These speeds are enough for Ookla to conclude that T-Mobile offers the best mobile gaming experience.

Read more