An exposed online interface for T-Mobile let anyone access user info knowing only a phone number.
The details: Researcher Ryan Stevenson notified T-Mobile of the bug in April, and the wireless carrier took down the problematic service the next day. The bug was first reported on by ZDNet.