Joe UchillMay 24, 2018

T-Mobile flaw let anyone access user info with only a phone number

A San Francisco T-Mobile Store — A T-Mobile glitch left accounts exposed. Photo: Justin Sullivan / Getty

An exposed online interface for T-Mobile let anyone access user info knowing only a phone number.

The details: Researcher Ryan Stevenson notified T-Mobile of the bug in April, and the wireless carrier took down the problematic service the next day. The bug was first reported on by ZDNet.

Until it was taken down, T-Mobile had an active online tool for its computer programmers to connect its employees to the customer database, known as an API.
The API delivered information including address, PIN, account number and, on some accounts, tax identification number.
Researchers found a separate, similar T-Mobile bug in October.

A representative confirmed that T-Mobile investigated the flaw but found no sign any data had actually been stolen.

T-Mobile

Latest Stories

Latest Stories

The impeachment whip list

Trump on Iran drone attack: "I have a feeling it was a mistake"

Boris Johnson and Jeremy Hunt will square off to replace Theresa May

Slack goes public at $23 billion market cap

Senate votes to block Saudi arm sales despite veto threat

Email scammers use corporate consultant sites to find victims

Axios Codebook: How scammers find victims — Hurd's canceled Black Hat keynote — Russia steals Iran group's platform

Bypassing traditional IPO, Slack to start trading via direct listing

Axios Pro Rata: Slack's big day — Fed notes — Alphabet dodges shareholders

Critics view Josh Hawley's Big Tech bill as a new kind of censorship

YouTube's kid problem is more than child's play

Podcast: The changing Big Tech conversation

2020 candidate Marianne Williamson apologizes for vaccine comments

Axios Login: YouTube's kid problem — Slack goes public — Buybacks outpace R&D investment

How the EPA's climate rule rollback could reach beyond coal

Argentina's "Macrisis" continues

Jerome Powell's Fed statements aren't dumbing things down

Where the top 2020 Democrats stand on criminal justice reform

Axios Generate: Coal rule spillover — UN nominee drama — Visualizing solar's rise

Cory Booker on the issues, in under 500 words

T-Mobile flaw let anyone access user info with only a phone number

Latest Stories

Latest Stories

The impeachment whip list

Trump on Iran drone attack: "I have a feeling it was a mistake"

Boris Johnson and Jeremy Hunt will square off to replace Theresa May

Slack goes public at $23 billion market cap

Senate votes to block Saudi arm sales despite veto threat

Email scammers use corporate consultant sites to find victims

Axios Codebook: How scammers find victims — Hurd's canceled Black Hat keynote — Russia steals Iran group's platform

Bypassing traditional IPO, Slack to start trading via direct listing

Axios Pro Rata: Slack's big day — Fed notes — Alphabet dodges shareholders

Critics view Josh Hawley's Big Tech bill as a new kind of censorship

YouTube's kid problem is more than child's play

Podcast: The changing Big Tech conversation

2020 candidate Marianne Williamson apologizes for vaccine comments

Axios Login: YouTube's kid problem — Slack goes public — Buybacks outpace R&D investment

How the EPA's climate rule rollback could reach beyond coal

Argentina's "Macrisis" continues

Jerome Powell's Fed statements aren't dumbing things down

Where the top 2020 Democrats stand on criminal justice reform

Axios Generate: Coal rule spillover — UN nominee drama — Visualizing solar's rise

Cory Booker on the issues, in under 500 words

Sign up for a daily newsletter defining what matters in business and markets

T-Mobile flaw let anyone access user info with only a phone number