Joe UchillMay 24, 2018

T-Mobile flaw let anyone access user info with only a phone number

A San Francisco T-Mobile Store — A T-Mobile glitch left accounts exposed. Photo: Justin Sullivan / Getty

An exposed online interface for T-Mobile let anyone access user info knowing only a phone number.

The details: Researcher Ryan Stevenson notified T-Mobile of the bug in April, and the wireless carrier took down the problematic service the next day. The bug was first reported on by ZDNet.

Until it was taken down, T-Mobile had an active online tool for its computer programmers to connect its employees to the customer database, known as an API.
The API delivered information including address, PIN, account number and, on some accounts, tax identification number.
Researchers found a separate, similar T-Mobile bug in October.

A representative confirmed that T-Mobile investigated the flaw but found no sign any data had actually been stolen.

T-Mobile

Latest Stories

Latest Stories

Iranian Foreign Minister Javad Zarif makes surprise visit to site of G7

Hong Kong clashes: Police use water cannon and fire gun for first time

Republican Joe Walsh announces he will primary Trump in 2020

China trade war: White House clarifies Trump comments about "second thoughts"

Generation Z knows how to own the pop charts

Trump promises "very big trade deal" with U.K. as Brexit deadline looms

Tropical Storm Dorian forms in Atlantic

Virginia marks 400 years since arrival of first African slave ship

1,200 new fires identified in Amazon region this week

North Korea claims it tested "super-large" multiple rocket launcher

G7 summit: French police use tear gas and water cannon on protesters

What he's listening to: Obama releases summer playlist

DNC votes against holding a climate change debate

Brazil deploys military to fight Amazon fire

Public school fees are soaring in America

Google curbs politics at work with new guidelines

Axios AM: Mike's Top 10 — Disruption rules — Scary graphic — Pic from space — Lingo: "hickster"

How many steps it takes to get an abortion in each state

Mozambique national park turns to coffee to fight deforestation

Iran sees growing dividends from support for Yemen's Houthis

T-Mobile flaw let anyone access user info with only a phone number

Latest Stories

Latest Stories

Iranian Foreign Minister Javad Zarif makes surprise visit to site of G7

Hong Kong clashes: Police use water cannon and fire gun for first time

Republican Joe Walsh announces he will primary Trump in 2020

China trade war: White House clarifies Trump comments about "second thoughts"

Generation Z knows how to own the pop charts

Trump promises "very big trade deal" with U.K. as Brexit deadline looms

Tropical Storm Dorian forms in Atlantic

Virginia marks 400 years since arrival of first African slave ship

1,200 new fires identified in Amazon region this week

North Korea claims it tested "super-large" multiple rocket launcher

G7 summit: French police use tear gas and water cannon on protesters

What he's listening to: Obama releases summer playlist

DNC votes against holding a climate change debate

Brazil deploys military to fight Amazon fire

Public school fees are soaring in America

Google curbs politics at work with new guidelines

Axios AM: Mike's Top 10 — Disruption rules — Scary graphic — Pic from space — Lingo: "hickster"

How many steps it takes to get an abortion in each state

Mozambique national park turns to coffee to fight deforestation

Iran sees growing dividends from support for Yemen's Houthis

Sign up for a daily newsletter defining what matters in business and markets

T-Mobile flaw let anyone access user info with only a phone number