T-Mobile flaw let anyone access user info with only a phone number

A San Francisco T-Mobile Store — A T-Mobile glitch left accounts exposed. Photo: Justin Sullivan / Getty

An exposed online interface for T-Mobile let anyone access user info knowing only a phone number.

The details: Researcher Ryan Stevenson notified T-Mobile of the bug in April, and the wireless carrier took down the problematic service the next day. The bug was first reported on by ZDNet.

Show less

Go deeper72 Words

Until it was taken down, T-Mobile had an active online tool for its computer programmers to connect its employees to the customer database, known as an API.
The API delivered information including address, PIN, account number and, on some accounts, tax identification number.
Researchers found a separate, similar T-Mobile bug in October.

A representative confirmed that T-Mobile investigated the flaw but found no sign any data had actually been stolen.

T-Mobile

Latest Stories

Latest Stories

Florida Democrats rip Sanders over Venezuela comments

Israeli lunar lander now on way to moon, a private sector first

Sanders taps San Juan Mayor Carmen Yulín Cruz as campaign co-chair

Virginia Republicans push for 10-person probe of lieutenant governor

Republicans condemn Cummings' "irresponsible" accusations against Trump lawyers

Scandal swirls around Canada's Justin Trudeau

Kraft Heinz stock implodes on gruesome earnings

Axios Future: Where jobs aren't — Predicting disease — Emojis in the courtroom

Tennessee governor apologizes for Confederate uniform in yearbook

NOx never looked so beautiful

Saturday's showdown in Venezuela will test strength of Maduro, Guaidó

House Judiciary schedules hearing on Trump’s family separation policy

Axios World: Venezuela border showdown — Bibi boosts bigots — Trudeau's growing scandal

Zebra stripes confuse biting flies

North Korean hackers could start stealing business secrets

Richard Sackler endorsed plan to mislead about OxyContin's potency

Axios Science: Climate change's new salience — Standards for AI medicine — Flies can't stick zebra landings

Trump's Golden State bad blood

Scientists call for rules on evaluating predictive AI in medicine

Axios PM: Trump's Golden State bad blood — Roger Stone gagged — North Carolina will hold new election

T-Mobile flaw let anyone access user info with only a phone number

Latest Stories

Latest Stories

Florida Democrats rip Sanders over Venezuela comments

Israeli lunar lander now on way to moon, a private sector first

Sanders taps San Juan Mayor Carmen Yulín Cruz as campaign co-chair

Virginia Republicans push for 10-person probe of lieutenant governor

Republicans condemn Cummings' "irresponsible" accusations against Trump lawyers

Scandal swirls around Canada's Justin Trudeau

Kraft Heinz stock implodes on gruesome earnings

Axios Future: Where jobs aren't — Predicting disease — Emojis in the courtroom

Tennessee governor apologizes for Confederate uniform in yearbook

NOx never looked so beautiful

Saturday's showdown in Venezuela will test strength of Maduro, Guaidó

House Judiciary schedules hearing on Trump’s family separation policy

Axios World: Venezuela border showdown — Bibi boosts bigots — Trudeau's growing scandal

Zebra stripes confuse biting flies

North Korean hackers could start stealing business secrets

Richard Sackler endorsed plan to mislead about OxyContin's potency

Axios Science: Climate change's new salience — Standards for AI medicine — Flies can't stick zebra landings

Trump's Golden State bad blood

Scientists call for rules on evaluating predictive AI in medicine

Axios PM: Trump's Golden State bad blood — Roger Stone gagged — North Carolina will hold new election

Never miss an Axios exclusive. Sign up for Mike Allen's AM newsletter.

T-Mobile flaw let anyone access user info with only a phone number