1. Mobile

Bug on T-Mobile website allowed hackers to access account info

Christian de Looper
By

t-mobile black friday deals T-Mobile
Another day, another privacy issue. Until last week, a T-Mobile website allowed hackers to gain access to personal information like email addresses, T-Mobile account numbers, and more, using only the customer’s phone number. The story was first reported by Motherboard, which said that T-Mobile fixed the issue one day after Motherboard asked the company about it.

Discovered by security researcher Karan Saini, the flaw basically allowed hackers who knew or guessed your phone number to gain valuable information that could then be used in a social engineering attack or even to gain access to other personal information elsewhere online. That put 76 million T-Mobile customers in danger of having their data compromised.

Even more concerning is the fact that, according to Saini, it would have been pretty easy for an attacker to write a script that automatically retrieved all account details through this bug. As part of the bug, hackers could also access a user’s IMSI number, which is basically a unique identifying number for customers. Using that, hackers could do things like track a user’s location, intercept texts and calls, and more. On top of that, the number could theoretically be used to conduct fraud through taking advantage of the notoriously insecure SS7 network, which is a backbone communications standard.

T-Mobile, for its part, disputes some of the claims made by Saini. Instead of affecting all 76 million customers, T-Mobile says that the bug only affects a small portion of customers. The company also said that it fixed the bug within 24 hours of it being discovered and according to Saini, the company gave him $1,000 for being a part of the T-Mobile bug bounty program, which rewards people who find and report bugs and flaws.

The report comes at a time when it’s looking more and more like Sprint and T-Mobile will announce a merger in the next few weeks. It’s unlikely this report will have an affect on talks about the merger.

There does not seem to be any evidence that any malicious hackers knew about or exploited the bug, but that doesn’t mean it didn’t happen. Either way, we reached out to T-Mobile and will update this story if we hear back.

Editors' Recommendations

Android 13: Everything we know so far about the upcoming OS

Android 13 concept

How to fix the iPhone is disabled error

iPhone is disabled

How to record phone calls on your iPhone

how to record calls on an iPhone

Critical Mac update fixes Safari bug that leaks user data

The new MacBook Pro seen from the side.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

The 50 best movies on Netflix right now

Benedict Cumberbatch in the Power of the Dog.

Best Amazon TV deals for January 2022

early echo and fire tv devices prime day deals amazon cube deal

Best 65-inch TV Deals for January 2022

Vizio 65 inch TV

Best Beats Headphones Deals for January 2022

Glow-in-the-dark Powerbeats 4

Best Vizio TV deals for January 2022

vizio 55 inch oled 4k tv deal black friday 2020

Best Samsung TV deals for January 2022

A person watching a Samsung TV.

Best Sony headphone deals for January 2022

A man wearing the Sony WH-1000XM4 wireless headphones.

Best 8K TV deals for January 2022

2021 Samsung 8K Neo QLED TV