Security bug with T-Mobile website let hackers access any customer’s account


T-Mobile has had some security issues lately, including port-in scams that allegedly led to one man having his cryptocurrency stolen, and now details on another recent problem have popped up.

On December 19, security researcher Kane Gamble discovered a vulnerability with the T-Mobile website that would allow hackers to log into anyone’s account, reports Motherboard. The issue was reported to T-Mobile on the same day.

When it learned of the bug, T-Mobile unsurprisingly classified it as “critical”. The bug was patched within one day of T-Mo learning of it, and Gamble was given $5,000 for reporting it.

Here’s what T-Mobile had to say about the vulnerability:

“This bug was confidentially reported through our Bug Bounty program in December and fixed within a matter of hours. We found no evidence of customer information being compromised.”

It’s unclear how long the security hole was open, but it’s good to hear that T-Mobile was able to patch it up within a day of learning about the vulnerability. What’s disappointing is that this is the third significant security issue related to T-Mobile that we’ve heard about in recent months. Other problems include a security flaw with T-Mo’s website that would let an attacker access a customer’s account data, and more recently, a man sued T-Mobile for letting hackers port his account to AT&T and steal thousands of dollars worth of cryptocurrency.

Here’s to hoping that this is the last T-Mobile security issue for a while.

Thanks, Don!

Source: Motherboard

Tags: , ,