Skip to main content
  1. Home
  2. Mobile
  3. News

T-Mobile website bug reportedly exposed private customer account details

By

t-mobile
Image used with permission by copyright holder

Due to a bug in T-Mobile’s website back in April, customers’ account information was left accessible for anyone to see, ZDnet reports. While the security flaw has since been fixed, personal information could have potentially been misused by anyone who knew where to look.

Recommended Videos

The subdomain — promotool.t-mobile.com — is a customer care portal for employees to access internal tools. But the bug allowed for it to be easily found through search engines and didn’t require a password to access the tools.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

The flaw was due to a hidden API — it provided T-Mobile customer data by adding the customer’s cell phone number to the end of the web address. This data included a customer’s billing account number, postal address, and account information, such as the status of their bills, including if service for an account was suspended or a bill is past due. For some, customer account PINs and tax ID numbers were also accessible.

The API was pulled by T-Mobile a day after it was reported by security researcher Ryan Stevenson, who was also awarded a $1,000 bug bounty later. While it’s not clear how long the API was exposed, a spokesperson for T-Mobile told ZDnet that there’s no evidence any customer information was accessed.

This is isn’t the first time an issue like this has happened to T-Mobile. In October, a security flaw allowed hackers to gain access to similar information through a T-Mobile website. Hackers were able to obtain email addresses, account numbers, and more, simply by using the customer’s phone number.

The flaw was discovered by security researcher Karan Saini, and it allowed hackers to gain information that could then be used in a social engineering attack, as well as provided access to other personal information online. T-Mobile claimed the bug only affected a small amount of customers and that it was fixed within 24 hours of being discovered.

News of the most recent flaw comes a little less than a month after the merger with T-Mobile and Sprint was announced — which was also in April. While both carriers agreed on combining companies, we have yet to see whether the U.S. Justice Department will approve it.

Brenda Stolyar
Brenda Stolyar
Former Staff Writer, Mobile
Brenda became obsessed with technology after receiving her first Dell computer from her grandpa in the second grade. While…
Topics

Editors’ Recommendations

Like T-Mobile? You can pay your phone bill by playing games
T-Mobile REVVL 7 PRO 5G back.

How much time do you spend playing mobile games on your phone? A lot of people use them to pass the time, but Metro by T-Mobile customers could double down and work toward paying off their monthly bill. The carrier has partnered with the Ad It Up app to let users earn points by shopping, playing games, and answering surveys. All those points can be placed toward your next month's bill.

This only works for a few specific carriers, including Cricket and T-Mobile. Anyone can download the app, but will receive an alert that their carrier isn't supported if it's any besides these. The available games include Coin Master, Traffic Puzzle, and Cube Master, but there are others to choose from if none of those fit your tastes. For example, you can play the wildly popular 2048 puzzle game to earn points.

Read more
T-Mobile satellite-to-phone service opens for all, and free until July
Showcase of T-Mobile Starlink service on an iPhone.

Two years ago, T-Mobile inked a deal with SpaceX to enable network connectivity via the Starlink constellation of satellites. Late in 2024, the carrier opened registrations for beta testing its direct-to-cell satellite service. Today, the company aired a Super Bowl ad and announced that the beta testing is now open to everyone.

The coolest part is that T-Mobile will offer free access for all registrations until July. Once the beta freebie is phased out, the service will be bundled at no extra cost for subscribers on the Go5G Next plan covering individual and business customers.

Read more
T-Mobile crushed its rivals in this important test
A person playing a game on the Asus ROG Phone 9 Pro.

In the U.S., the top carriers don't offer the same network performance. One carrier has significantly outperformed the others over the past six months, according to data collected in network and connectivity expert Ookla's latest "Speedtest Connectivity Report." The report, which covers data collected between July and December 2024, found that T-Mobile, the third-largest carrier in the U.S., has emerged as the clear leader in overall performance. The differences are striking.

Ookla reports that T-Mobile provides media download speeds 120% faster than its closest competitor, AT&T. Verizon, the largest carrier by subscriber count, ranked third. These speeds are enough for Ookla to conclude that T-Mobile offers the best mobile gaming experience.

Read more