A gaping security flaw on T-Mobile’s website left important personal information of customers exposed to anyone who entered their phone number.
Security researcher Ryan Stevenson discovered the flaw which left the following information exposed:
- Name
- Account number
- Billing address
- Home address
- Account PIN number
- Tax ID
- Info about your account including whether you’ve ever been late with payments
This part of the website was intended for use by T-mobile’s customer service, but it appears that it wasn’t protected in any way, so anyone who had the address of the site, could go there and search for your information with just a phone number.
T-Mobile told tech site, ZDnet that the issue had been fixed almost immediately after the company found out about it and that there was no evidence that any customer accounts were compromised.
Still, it’s always a good idea to keep a close eye on your phone bill for any unexpected charges or additions of services.