T-Mobile flaw let anyone access user info with only a phone number
A T-Mobile glitch left accounts exposed. Photo: Justin Sullivan / Getty
An exposed online interface for T-Mobile let anyone access user info knowing only a phone number.
The details: Researcher Ryan Stevenson notified T-Mobile of the bug in April, and the wireless carrier took down the problematic service the next day. The bug was first reported on by ZDNet.
Until it was taken down, T-Mobile had an active online tool for its computer programmers to connect its employees to the customer database, known as an API.
The API delivered information including address, PIN, account number and, on some accounts, tax identification number.
