Skip to main content

T-Mobile website bug reportedly exposed private customer account details

t-mobile
Image used with permission by copyright holder

Due to a bug in T-Mobile’s website back in April, customers’ account information was left accessible for anyone to see, ZDnet reports. While the security flaw has since been fixed, personal information could have potentially been misused by anyone who knew where to look.

The subdomain — promotool.t-mobile.com — is a customer care portal for employees to access internal tools. But the bug allowed for it to be easily found through search engines and didn’t require a password to access the tools.

Recommended Videos

The flaw was due to a hidden API — it provided T-Mobile customer data by adding the customer’s cell phone number to the end of the web address. This data included a customer’s billing account number, postal address, and account information, such as the status of their bills, including if service for an account was suspended or a bill is past due. For some, customer account PINs and tax ID numbers were also accessible.

Please enable Javascript to view this content

The API was pulled by T-Mobile a day after it was reported by security researcher Ryan Stevenson, who was also awarded a $1,000 bug bounty later. While it’s not clear how long the API was exposed, a spokesperson for T-Mobile told ZDnet that there’s no evidence any customer information was accessed.

This is isn’t the first time an issue like this has happened to T-Mobile. In October, a security flaw allowed hackers to gain access to similar information through a T-Mobile website. Hackers were able to obtain email addresses, account numbers, and more, simply by using the customer’s phone number.

The flaw was discovered by security researcher Karan Saini, and it allowed hackers to gain information that could then be used in a social engineering attack, as well as provided access to other personal information online. T-Mobile claimed the bug only affected a small amount of customers and that it was fixed within 24 hours of being discovered.

News of the most recent flaw comes a little less than a month after the merger with T-Mobile and Sprint was announced — which was also in April. While both carriers agreed on combining companies, we have yet to see whether the U.S. Justice Department will approve it.

Brenda Stolyar
Former Digital Trends Contributor
Brenda became obsessed with technology after receiving her first Dell computer from her grandpa in the second grade. While…
T-Mobile is getting rid of its misleading ‘Price Lock’ policy
T-Mobile CEO Mike Sievert standing in front of a banner that reads Internet Freedom.

T-Mobile just got into some trouble with the National Advertising Program (NAD), a part of the BBB National Programs, an independent non-profit organization, for advertising its supposed “Price Lock” policy for 5G internet service.

Basically, the premise behind the “Price Lock” was a promise not to increase prices for customers who were on the Un-Contract Promise: “Starting January 18, 2024, customers activating or switching to an eligible rate plan get our Price Lock guarantee that only you can change what you pay—and we mean it!”

Read more
5 carriers you should use instead of T-Mobile
The T-Mobile logo on a smartphone.

When it comes to performance, quality, and reliability, T-Mobile is undoubtedly one of the best carriers in the U.S. It offers the fastest speeds and the broadest coverage with reasonably priced plans that include quite a few perks.

However, that may still add up to more than you want to pay; top-notch performance comes with a higher price tag attached. The good news is that T-Mobile is far from the only game in town. In addition to the other two of the big three U.S. carriers -- AT&T and Verizon -- there are dozens of Mobile Virtual Network Operators (MVNOs) that piggyback on the big carrier networks with more affordable plans that offer the same coverage and great performance at a fraction of the price. You’ll get fewer perks, and customer service may not be as responsive, but those may be reasonable tradeoffs for how much you’ll save.

Read more
T-Mobile is buying one of the largest carriers in the U.S.
Cell phone tower shooting off pink beams with a 5G logo next to it.

If you were impacted by T-Mobile's latest price hike and were looking for an alternative carrier, we have some bad news — T-Mobile is buying US Cellular. For those unaware, U.S. Cellular is the fifth-largest carrier in the U.S. despite being a regional carrier based mostly in the Chicago area. Unlike mobile virtual network operators (MVNOs) like Metro by T-Mobile or Visible, which piggyback on a parent carrier’s network, US Cellular has its own towers and stores.

The deal would see T-Mobile pay $4.4 billion to take over US Cellular’s wireless customers, stores, and 30% of its spectrum assets. It includes a combination of cash and T-Mobile assuming $2 billion of U.S. Cellular’s debt. US Cellular will keep control of 4,400 of its towers and 70% of its spectrum portfolio, but T-Mobile will extend its leases for 600 US Cellular towers and sign new long-term leases on 2,015 more towers. In a conference call about the deal, T-Mobile also committed to hiring a significant number of U.S. Cellular associates.

Read more