Technohacks, Technology

T-Mobile exposed private customer data to hackers who used only a phone number

Hackers discovered a flaw on the T-Mobile website that let them hijack customers’ personal information simply by plugging in phone numbers, according to Motherboard

Last week, security researcher Karan Saini, of the security information site Secure7, found the vulnerability and informed T-Mobile of the glitch. T-mobile removed the flaw and offered Saini $1,000 as part of the company’s Bug Bounty program. 

In an online chat, Saini told Motherboard that a hacker exploiting this flaw could have easily collected the data from millions of people.

“T-Mobile has 76 million customers, and an attacker could have ran a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users,” said Saini.

T-Mobile contends that a widespread breech of its customers’ personal and phone information did not occur, telling Motherboard that “There is no indication that it was shared more broadly.”

Yesterday, however, an anonymous hacker informed Motherboard that hackers had been exploiting the T-Mobile glitch for quite some time. Unsettlingly, this anonymous source sent a Motherboard reporter a screenshot the reporter’s own account data, supposedly accessed from the site’s security flaw.

Mashable has reached out to T-Mobile for comment about this breech, and will update the story if we hear back. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f82008%2f502ecf28 56d3 4016 830c 530163c2d0f1

Source : Mashable

Previous ArticleNext Article
Send this to a friend