T-Mobile Bug Caused Massive Customer Data Exposure, Millions At Risk

A new development that is likely to slow down T-Mobile’s rise to the top of the ISP ladder is the news that its website was regularly getting breached due to a bug. As a result, customer data was exposed, which could have allowed hackers to steal information like phone numbers and email addresses. Even worse is the fact that the breach was made possible by simply entering a phone number.

The bug was discovered last week, which basically allowed hackers to get all kinds of personal user information from T-Mobile’s website, Motherboard reports. The vulnerability has since been fixed, but there’s no telling how many were affected by it in the meantime.

Karan Saini, a security researcher was the one who discovered the bug and promptly informed the carrier. The bug basically made use of user phone numbers as a digital key, which malicious hackers could have then used for all kinds of nefarious purposes.

"T-Mobile has 76 million customers, and an attacker could have ran a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users," Saini said about the matter. "That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim."

Just to provide an idea of how well-known this bug had become, hackers actually started creating tutorial videos on how to do it, Ars Technica reports. They aren’t exactly cat videos with millions of views, but even just one malicious hacker taking advantage of the vulnerability is one too many.

This news follows the discovery that a breach suffered by the credit reporting company Experian also placed the personal information of millions of T-Mobile customers at risk. This new hacking revelation could result in even more victims.