T-Mobile Web Portal Bug Exposed Customer Account Data

Research conducted last month confirmed a bug in the T-Mobile customer support portal that exposed personal information, including account details and PIN, of its 74 million customers.


The T-Mobile subdomain “promotool.t-mobile.com” hosts a customer care portal that contained sensitive customer data and was publicly accessible. The portal, which is used primarily by company staff, could be easily found through a search engine and contained a hidden API that would return T-Mobile customer data simply by adding the customer’s cell phone number to the end of the web address.

Since the API wasn’t protected by a login screen or any other form of authentication, anyone could access it. As a result, a customer’s full name, postal address, billing account number and, in some cases, tax identification number could be easily retrieved.
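The gap described above, shown as an added example (not code from T-Mobile or from the original article): a lookup that trusts the number in the URL, next to one that checks a staff session, role and input before touching data. The URL path, token format, role name, key and sample record are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample record keyed by a fictional number; not real customer data.
CUSTOMERS = {"2025550143": {"name": "Sample Customer", "billing_account": "ACCT-0001"}}
SECRET = b"demo-signing-key"  # assumption: server-side key used to sign staff sessions

def _mac(user, role):
    return hmac.new(SECRET, f"{user}|{role}".encode(), hashlib.sha256).hexdigest()

def sign(user, role):
    """Issue a signed session token (hypothetical format: user|role|mac)."""
    return f"{user}|{role}|{_mac(user, role)}"

def verify(token):
    """Return (user, role) for a correctly signed token, otherwise None."""
    try:
        user, role, mac = token.split("|")
    except (AttributeError, ValueError):
        return None
    ok = hmac.compare_digest(mac.encode(), _mac(user, role).encode())
    return (user, role) if ok else None

def lookup_open(path):
    """Behaviour described above: the number in the URL is the only thing checked."""
    record = CUSTOMERS.get(path.rstrip("/").rsplit("/", 1)[-1])
    return (200, record) if record else (404, None)

def lookup_guarded(path, token, audit):
    """Same lookup with authentication, authorization, validation and audit first."""
    identity = verify(token)
    if identity is None:
        return (401, None)              # no valid staff session
    user, role = identity
    if role != "care_agent":
        return (403, None)              # authenticated, but not allowed to read records
    number = path.rstrip("/").rsplit("/", 1)[-1]
    if not (number.isdigit() and len(number) == 10):
        return (400, None)
    audit.append((user, number))        # every lookup is attributable to an agent
    record = CUSTOMERS.get(number)
    if record is None:
        return (404, None)
    return (200, {"name": record["name"]})  # return only the fields the task needs
```

The audit list stands in for a real access log, which is what lets a defender spot one session walking through many numbers.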
