T-Mobile customers: Your data has been put at risk by your carrier, once again. In what seems like copypasta at this point, a security researcher recently found a bug in a publicly discoverable subdomain on T-Mobile's website that gave anyone access to customer data using just a phone number. It's almost like T-Mobile wants to award those bug bounties.
This time around, a not-hidden-enough API in promotool.t-mobile.com, apparently a "Customer Care Portal" for employees, allowed any enterprising individual to access T-Mobile customer data by appending the customer's phone number to the end of the URL — no password required.
Read MoreAnother T-Mobile website bug allowed anyone to access customer info using just a phone number was written by the awesome team at Android Police.
from Android Police – Android news, reviews, apps, games, phones, tablets https://ift.tt/2IMGfLN
via IFTTT
No comments:
Post a Comment