Bug Exposed T-Mobile Data With Just a Phone Number

Share
Bug Exposed T-Mobile Data With Just a Phone Number

Until recently, a bug on a T-Mobile website gave hackers access to personal details relating to wireless subscriber accounts. Saini notes that T-Mobile offered him a $1,000 reward as part of its bug bounty program.

Though the information revealed by this vulnerability may not have been as sensitive as things like addresses and social security numbers, Motherboard notes that the information that was compromised could be enough to carry out social engineering attacks like phishing. They apparently used the stolen information obtained via the hack to trick T-Mobile employees into handing over new SIM cards and hijack phone numbers by impersonating the rightful owners of the line.

"T-Mobile has 76 million customers, and an attacker could have ran a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users."

So, even though the vulnerability has been patched, it sounds like subscribers should still be wary of anyone contacting them claiming to be a representative for the company. T-Mobile said that the issue affected only a small number of its customers, so perhaps the worst case scenario laid down by Saini wasn't realized.

T-Mobile said in a statement that "we were alerted to an issue that we investigated and fully resolved in less than 24 hours".

With Equifax data breach still lurking in everyone's mind and Accenture's irresponsible security protections only having come to light this week, this is yet another potential mega breach, where hackers didn't even need to breach into T-Mobile's network as everything was available to them thanks to a security bug.

"We have confirmed that we have shut down all known ways to exploit it", T-Mobile said.

Yesterday, however, an anonymous hacker informed Motherboard that hackers had been exploiting the T-Mobile glitch for quite some time.

Share

Advertisement

Related Posts

Mr Robot season 3 arrives this week
In the Season 3 premiere, Elliot gets woke and realizes that his mission needs help from Angela. We got an exclusive preview of the third season of Mr Robot and it is promising.

Nafta talks: Trump open to a bilateral Canada-US trade deal
Stephen Harper says he believes Donald Trump is genuinely willing to pull the plug on the North American Free Trade Agreement. President Donald Trump is welcoming Canadian Prime Minister Justin Trudeau for talks expected to focus on trade and aviation.

Barclays Remains a Buy on First Data Corp
The share price of First Data Corporation (NYSE: FDC ) was down -0.50% during the last trading session, with a day high of 0.00. Clinton Group Inc. lowered its stake in First Data Corp (NYSE: FDC ) by 4.3% during the first quarter, Holdings Channel reports.

Who Is Asia Argento?
"In a tweet linked to the New Yorker story, Bourdain wrote: ".@AsiaArgento I am proud and honored to know you. Argento is now dating chef Anthony Bourdain and was previously married to filmmaker Michele Civetta.

University of Hawaii Sent Students An Alarming Email About Nuclear War
Despite the national attention, the email didn't generate a large number of complaints from students or faculty, Meisenzahl said. The email then told recipients to be aware of emergency sirens and to follow instructions on " sheltering in place ".

Harvey Weinstein admits to groping model on police recording
In the wake of the report, Vance, who is running for his third term in October, returned the donation. They're also shaking up the New York City criminal justice system.

Five dead, 27 missing in Kisii building collapse
Kisii county governor James Ongwae was among leaders from the region who arrived at the site to inspect the situation. Earlier on Wednesday, sources indicated that the contractors of the ill-fated building were inside when it collapsed.

Potential NCAA Violations by Oklahoma State Basketball Targeted in Subpoena
Chuck Person (Auburn), Tony Bland (USC) and Emanuel Richardson (Arizona) were also arrested in connection with the case. He has since been suspended by Oklahoma State and is expected to appear in court on Thursday.

Average Gas Price Down Across Georgia
Depending on the affect Hurricane Nate has on refineries in the Gulf, the drop in gas prices could stall and reverse direction. Gas prices across Georgia have been steadily dropping over the last month and should continue to do so in the near future.

Snapchat introduces Context Cards to show more info to the user
The feature is rolling out to users in Australia, Canada, New Zealand, the United Kingdom and the US. For any of these Snaps , you will see the word "More" at the bottom of the Snap.

© 2015 ExpressNewsline. All Rights reserved.