× TECHNOLOGY
SOFTWARE NETWORKING CLOUD IT SERVICES MOBILE SECURITY STORAGE IOT DATA ANALYTICS CYBER SECURITY ORACLE SAP BIG DATA
BUSINESS
DIGITAL MARKETING ERP RETAIL HEALTHCARE TELECOM
MAGAZINE
CURRENT ISSUE ARCHIVE
OPINION ABOUT US CONTACT US CLIENT FEEDBACK

Unsecured T-Mobile website leaks customer data

unsecured tmobile website data leak

Millions of customer account information were left unprotected and exposed after a T-Mobile web domain was left unsecured. Information like names, addresses, tax identification numbers, etc was left exposed and unprotected for anyone to access.

The unsecured website was in fact, designed as a customer care portal for employees. What was first reported as a security flaw here was later found throughout the search engines and also required no password to access the tools.

It was seen that if one simply added the customer’s phone number at the end of the web address, it resulted in the full name, postal address, billing account number, tax ID numbers, account PINs used to verify the account, and other account information. Details like when the bill was due, if the service was suspended, etc were easily available as well.

An unprotected API resulted in this cybersecurity flaw of the website. T-Mobile said that it immediately pulled the website offline and fixed the bug. A spokesperson from T-Mobile said that they don’t have any evidence regarding the misuse of the customer data. But one can never be certain about the possibilities of having information exposed.

MAGAZINES