An unsecured T-Mobile website made customer information available to anyone

A T-Mobile web domain left millions of customers' account information — including their names, addresses, and sometimes tax identification numbers — unprotected for anyone to access. The website is designed as a customer care portal for employees, according to ZDNet, which first reported the security flaw, but it was available to find through search engines and required no password to access the tools.

Adding a customer's phone number to the end of the web address yielded their full name, postal address, billing account number, and some account information, like whether they were past due on a bill or if their service had been suspended. In some cases, tax ID numbers were exposed as well, and the data referenced account PINs that...

Continue reading…



via The Verge - Tech Posts https://ift.tt/2set3nQ
RSS Feed

If New feed item from http://www.theverge.com/tech/rss/index.xml, t

IFTTT

Comments

Popular posts from this blog

Evernote cuts staff as user growth stalls

The best air conditioner

We won't see a 'universal' vape oil cartridge anytime soon