Massive bug exposed T-Mobile’s subscriber account data

To those who have your phone number, there’s a chance that your account data was exposed. Lately, we’ve been going through the devastation of Equifax security breach, and now T-Mobile is coming into the mix. A huge bug in the company’s website allowed hackers to obtain a lot of personal dat on any customer as long as they had access to their phone number.

First discovered by security researcher Karan Saini and reported by Motherboard, this bug allowed access to names, email addresses, account numbers, and the IMSI identifier of the phones on the subscribers’ accounts, including others on the shared account. This means that those on your account are also vulnerable.

“T-Mobile has 76 million customers, and an attacker could have ran a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users,” Saini told Motherboard.

After Saini contacted the company to alert them of the huge bug, T-Mobile said it was able to patch the hole before it could be fully exploited. T-Mobile, however, did also contradict Saini’s initial findings, stating that only a small portion of its subscribers were affected rather than the entire T-Mobile customer case.

If it wasn’t enough, hackers have also now come forward that they knew about the exploit and had been suing it for some time now. They went so far as to send the author of the Motherboard piece their own account data that was, according to T-Mobile, not leaked.

Hackers managed to gain access to the massive bug and exploited it to gain T-Mobile’s customer data before a patch was applied. This is definitely some devastating news for the uncarrier and would have been far worse if the patch was not applied. The carrier hasn’t given any additional comment. We have reached out for additional comment and will update once we hear back.

Hamza Khalid

Hamza Khalid is the Lead Editor at The Jolt Journal. You're more than welcome to follow him on Twitter and follow The Jolt Journal on Twitter and Facebook. If you have any questions, concerns, or need to report something in this article, please send our team an email at [email protected]. This story may be updated at any time if new information surfaces.

At The Jolt Journal, no one tells us what to write or how to write it. This is why, in the era of lies and bias, readers turn to an independent source. Rest assured, all information on our website is free of any bias or influence. If you see anything wrong with a story, please don't hesitate to reach out. We do our very best to report on the latest available information.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.