Security bug with T-Mobile website let hackers access any customer’s account


T-Mobile has had some security issues lately, including port-in scams that allegedly led to one man having his cryptocurrency stolen, and now details on another recent problem have popped up.

On December 19, security researcher Kane Gamble discovered a vulnerability with the T-Mobile website that would allow hackers to log into anyone’s account, reports Motherboard. The issue was reported to T-Mobile on the same day.

When it learned of the bug, T-Mobile unsurprisingly classified it as “critical”. The bug was patched within one day of T-Mo learning of it, and Gamble was given $5,000 for reporting it.

Here’s what T-Mobile had to say about the vulnerability:

“This bug was confidentially reported through our Bug Bounty program in December and fixed within a matter of hours. We found no evidence of customer information being compromised.”

It’s unclear how long the security hole was open, but it’s good to hear that T-Mobile was able to patch it up within a day of learning about the vulnerability. What’s disappointing is that this is the third significant security issue related to T-Mobile that we’ve heard about in recent months. Other problems include a security flaw with T-Mo’s website that would let an attacker access a customer’s account data and, more recently, a man suing T-Mobile for letting hackers port his account to AT&T and steal thousands of dollars’ worth of cryptocurrency.

Here’s to hoping that this is the last T-Mobile security issue for a while.

Thanks, Don!

Source: Motherboard

  • Nearmsp

    T-Mobile recently sent a PIN to avoid an account being ported. Everyone should call 611 and register a PIN.

  • The Borg

    Yes, as long as you have registered a PIN, your account should be good.

  • steveb944

    You mentioned the cryptocurrency twice.

    T-Mobile is growing, so it happens I guess.

  • mikeZo6

    WTF, this is wrong. T-Mobile should have way better security and be held liable for a negative action taken out on customers’ accounts, ’cause T-MOBILE WAS HACKED AGAIN.

    • Noremacam

      Finding and reporting a vulnerability is not the same as being hacked. They might have been hacked, but there’s no evidence/reports of it.

  • coakl

    re: “Here’s to hoping that this is the last T-Mobile security issue for a while.”

    T-Mo needs to be PROACTIVE about Android security patches for older phones.
    If a device was sold by T-Mo, and is on T-Mo’s network, then T-Mo needs to support it, for as long as security updates are available for it.
    Example: S5’s. Verizon still releases security updates for theirs, but T-Mo refuses to.

    Otherwise, you have thousands, hundreds of thousands, millions of un-patched, vulnerable little computers on your network.