Bug Exposed T-Mobile Data With Just a Phone Number

Share
Bug Exposed T-Mobile Data With Just a Phone Number

Until recently, a bug on a T-Mobile website gave hackers access to personal details relating to wireless subscriber accounts. Saini notes that T-Mobile offered him a $1,000 reward as part of its bug bounty program.

Though the information revealed by this vulnerability may not have been as sensitive as things like addresses and social security numbers, Motherboard notes that the information that was compromised could be enough to carry out social engineering attacks like phishing. They apparently used the stolen information obtained via the hack to trick T-Mobile employees into handing over new SIM cards and hijack phone numbers by impersonating the rightful owners of the line.

"T-Mobile has 76 million customers, and an attacker could have ran a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users."

So, even though the vulnerability has been patched, it sounds like subscribers should still be wary of anyone contacting them claiming to be a representative for the company. T-Mobile said that the issue affected only a small number of its customers, so perhaps the worst case scenario laid down by Saini wasn't realized.

T-Mobile said in a statement that "we were alerted to an issue that we investigated and fully resolved in less than 24 hours".

With Equifax data breach still lurking in everyone's mind and Accenture's irresponsible security protections only having come to light this week, this is yet another potential mega breach, where hackers didn't even need to breach into T-Mobile's network as everything was available to them thanks to a security bug.

"We have confirmed that we have shut down all known ways to exploit it", T-Mobile said.

Yesterday, however, an anonymous hacker informed Motherboard that hackers had been exploiting the T-Mobile glitch for quite some time.

Share

Advertisement

Related Posts

Drug Companies in Calif. Will Answer to New Price Regulating Law
Health plans must provide detailed information about prescription drug costs and the portion of premiums related to this expense. He works as an Online Marketing Consultant providing web marketing services for attorney SEO firms.

Harvey Weinstein admits to groping model on police recording
In the wake of the report, Vance, who is running for his third term in October, returned the donation. They're also shaking up the New York City criminal justice system.

Buffington Mohr McNeal Sells 11877 Shares of General Electric Company (GE)
Adirondack Research & Management Incorporated stated it has 0.18% of its portfolio in General Electric Company (NYSE:GE). Welch & Forbes Ltd Liability holds 1.44% of its portfolio in General Electric Company (NYSE:GE) for 1.91 million shares.

Justice (r) Javed Iqbal takes charge as NAB's new chief
Justice (retd) Javed Iqbal was among the three names recommended by the opposition leader for the post. Justice (retd) Iqbal was appointed as a Supreme Court justice in 2000 and retired in 2011.

Ex-Saints DB Tracy Porter Arrested on Battery, Drug Charges
According to WWLTV.com , "The police officer taking the report noted that the woman had fresh bruises consistent with her story". Porter most notably returned an interception for a touchdown to clinch the Saints' victory in Super Bowl XLIV.

Notable Stock Analysts Ratings Southwestern Energy Company (SWN)
The energy company reported $0.08 earnings per share for the quarter, missing the Zacks' consensus estimate of $0.16 by ($0.08). Noble Energy Inc. has $60 highest and $3.50 lowest target. $41.38's average target is 50.25% above currents $27.54 stock price.

Who Is Asia Argento?
"In a tweet linked to the New Yorker story, Bourdain wrote: ".@AsiaArgento I am proud and honored to know you. Argento is now dating chef Anthony Bourdain and was previously married to filmmaker Michele Civetta.

Qualcomm appealing TFTC's decision in $773 million United States dollars fine
The fine from the country's government follows similar regulatory actions in the U.S., South Korea and China. Federal Trade Commission is also suing Qualcomm over its licensing practices.

Watch Princess Nokia Kick a Racist Off New York City Train
University spokesperson John Beckman has confirmed that the man, Paul Lawson did not attend NYU Law. Jezebel has reached out to Frasqueri for comment and will update with any response.

Potential NCAA Violations by Oklahoma State Basketball Targeted in Subpoena
Chuck Person (Auburn), Tony Bland (USC) and Emanuel Richardson (Arizona) were also arrested in connection with the case. He has since been suspended by Oklahoma State and is expected to appear in court on Thursday.

© 2015 ExpressNewsline. All Rights reserved.