yitit
Home
/
Computing
/
Bug on T-Mobile website allowed hackers to access account info
Bug on T-Mobile website allowed hackers to access account info-March 2024
Mar 31, 2026 12:08 AM

  Image used with permission by copyright holderAnother day, another privacy issue. Until last week, a T-Mobile website allowed hackers to gain access to personal information like email addresses, T-Mobile account numbers, and more, using only the customer’s phone number. The story was first reported by Motherboard, which said that T-Mobile fixed the issue one day after Motherboard asked the company about it.

  Discovered by security researcher Karan Saini, the flaw basically allowed hackers who knew or guessed your phone number to gain valuable information that could then be used in a social engineering attack or even to gain access to other personal information elsewhere online. That put 76 million T-Mobile customers in danger of having their data compromised.

  Recommended Videos

  Even more concerning is the fact that, according to Saini, it would have been pretty easy for an attacker to write a script that automatically retrieved all account details through this bug. As part of the bug, hackers could also access a user’s IMSI number, which is basically a unique identifying number for customers. Using that, hackers could do things like track a user’s location, intercept texts and calls, and more. On top of that, the number could theoretically be used to conduct fraud through taking advantage of the notoriously insecure SS7 network, which is a backbone communications standard.

  Related

  Everything you need to know about the massive AT&T outage The T-Mobile Tuesdays app is about to get a big upgrade T-Mobile’s huge lead in 5G speeds isn’t going anywhere

  T-Mobile, for its part, disputes some of the claims made by Saini. Instead of affecting all 76 million customers, T-Mobile says that the bug only affects a small portion of customers. The company also said that it fixed the bug within 24 hours of it being discovered and according to Saini, the company gave him $1,000 for being a part of the T-Mobile bug bounty program, which rewards people who find and report bugs and flaws.

  The report comes at a time when it’s looking more and more like Sprint and T-Mobile will announce a merger in the next few weeks. It’s unlikely this report will have an affect on talks about the merger.

  There does not seem to be any evidence that any malicious hackers knew about or exploited the bug, but that doesn’t mean it didn’t happen. Either way, we reached out to T-Mobile and will update this story if we hear back.

Comments
Welcome to yitit comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Login to display more comments
Computing
Recent News
select 198766*667891 from DUAL
select 198766*667891 from DUAL
select 198766*667891
select 198766*667891
@@gtyFA
@@gtyFA
Mr.
Mr.
About
Terms and Conditions Privacy policy Cookie Settings Contact Us
Services
Login register
yitit Hardware Computing Mobile Finance Software Deals
Links
zpostcode Recruit weather mreligion Yellowpages sport constellation shopping name game directory literature Word tour furnish Lottery tftnews lyrics News digital car dir Edu Finance
Copyright 2023-2026 - www.yitit.com All Rights Reserved