May 24, 2018

T-Mobile flaw let anyone access user info with only a phone number

A T-Mobile glitch left accounts exposed. Photo: Justin Sullivan / Getty

An exposed online interface for T-Mobile let anyone access user info knowing only a phone number.

The details: Researcher Ryan Stevenson notified T-Mobile of the bug in April, and the wireless carrier took down the problematic service the next day. The bug was first reported on by ZDNet.

Until it was taken down, T-Mobile had an active online tool for its computer programmers to connect its employees to the customer database, known as an API.
The API delivered information including address, PIN, account number and, on some accounts, tax identification number.
Researchers found a separate, similar T-Mobile bug in October.

A representative confirmed that T-Mobile investigated the flaw but found no sign any data had actually been stolen.

Go deeper

Axios

Coronavirus spreads to more countries, and U.S. ups its case count

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens.

The novel coronavirus continues to spread to more nations, and the U.S. reports a doubling of its confirmed cases to 34 — while noting those are mostly due to repatriated citizens, emphasizing there's no "community spread" yet in the U.S. Meanwhile, Italy reported its first virus-related death on Friday.

The big picture: COVID-19 has now killed at least 2,251 people and infected almost 77,000 others, mostly in mainland China. New countries to announce infections recently include Israel, Lebanon and Iran.

Go deeperUpdated 1 hour ago - Health

Axios

Axios Dashboard

Stat du jour: 😀 Satisfaction "with the way things are going" in U.S. hits 15-year high
S&P 500: 3,373.23 (👇 12.92 — 0.38%)
1 2020 thing: 🤐 Bloomberg offers to release women from 3 NDAs
1 showbiz thing: ☕️Friends reunion coming to HBO MAX in May
1 biz thing: 😔Wells Fargo to pay $3 billion for opening fake accounts
1 sports thing: 👟 Another distance running record falls with high-tech Nikes

Keep up with breaking news throughout the day — sign up for our alerts.

Keep ReadingUpdated 2 hours ago - Politics & Policy

Orion Rummler

Wells Fargo agrees to pay $3 billion to settle consumer abuse charges

Clients use an ATM at a Wells Fargo Bank in Los Angeles, Calif. Photo: Ronen Tivony/SOPA Images/LightRocket via Getty Images

Wells Fargo agreed to a pay a combined $3 billion to the Justice Department and the Securities and Exchange Commission on Friday for opening millions of fake customer accounts between 2002 and 2016, the SEC said in a press release.

The big picture: The fine "is among the largest corporate penalties reached during the Trump administration," the Washington Post reports.

Go deeper3 hours ago - Economy & Business