An exposed API allowed significant access to T-Mobile customer data

Stories

T-Mobile flaw let anyone access user info with only a phone number

A San Francisco T-Mobile Store — A T-Mobile glitch left accounts exposed. Photo: Justin Sullivan / Getty

An exposed online interface for T-Mobile let anyone access user info knowing only a phone number.

The details: Researcher Ryan Stevenson notified T-Mobile of the bug in April, and the wireless carrier took down the problematic service the next day. The bug was first reported on by ZDNet.

Show less

Go deeper72 Words

Until it was taken down, T-Mobile had an active online tool for its computer programmers to connect its employees to the customer database, known as an API.
The API delivered information including address, PIN, account number and, on some accounts, tax identification number.
Researchers found a separate, similar T-Mobile bug in October.

A representative confirmed that T-Mobile investigated the flaw but found no sign any data had actually been stolen.

T-Mobile

Latest Stories

Latest Stories

Apple to invest $1 billion in new Austin campus

Google's CEO weighs in on bigness

Vatican's third-highest official convicted of child sex abuse in Australia

Wanted: a killer app for quantum computing

Axios Future: Quantum's killer app — Leonardo is back — Big schmig (Part II)

Second Canadian missing in China, foreign minister says

Nancy Pelosi to support term limits for Democratic leaders

Mark Meadows out of running for Trump's chief of staff

Expert Voices Live: The Impact of the Digital Divide

Axios PM: May survives another day — Cohen gets 3 years — 1 rat thing

CBS settles with women who accused Charlie Rose of sexual harassment

Doctors say symptoms of diplomats in Cuba "cannot be faked"

Collision in Congress over future of Yemen war

Theresa May survives no-confidence vote over Brexit plan

UnitedHealthcare, Envision settle payment dispute

After months of debate, Congress agrees on sexual harassment bill

House Dems to launch "deep dive" into Khashoggi murder

U.S. lays out terms for $500 million Israel-Croatia arms deal

National Enquirer publisher admits to suppressing story for Trump

Big Tech's hold on the stock market might not last

Stories

T-Mobile flaw let anyone access user info with only a phone number

Latest Stories

Latest Stories

Apple to invest $1 billion in new Austin campus

Google's CEO weighs in on bigness

Vatican's third-highest official convicted of child sex abuse in Australia

Wanted: a killer app for quantum computing

Axios Future: Quantum's killer app — Leonardo is back — Big schmig (Part II)

Second Canadian missing in China, foreign minister says

Nancy Pelosi to support term limits for Democratic leaders

Mark Meadows out of running for Trump's chief of staff

Expert Voices Live: The Impact of the Digital Divide

Axios PM: May survives another day — Cohen gets 3 years — 1 rat thing

CBS settles with women who accused Charlie Rose of sexual harassment

Doctors say symptoms of diplomats in Cuba "cannot be faked"

Collision in Congress over future of Yemen war

Theresa May survives no-confidence vote over Brexit plan

UnitedHealthcare, Envision settle payment dispute

After months of debate, Congress agrees on sexual harassment bill

House Dems to launch "deep dive" into Khashoggi murder

U.S. lays out terms for $500 million Israel-Croatia arms deal

National Enquirer publisher admits to suppressing story for Trump

Big Tech's hold on the stock market might not last

New: A daily newsletter defining what matters in business and markets

Stories

T-Mobile flaw let anyone access user info with only a phone number