1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DTHForum Xclusive T-Mobile bug gave hackers access to customer data using only a phone number

Discussion in 'Android apps and APKs' started by adithya, Oct 11, 2017.

  1. adithya

    adithya Moderator
    DFI Moderator

    Messages:
    3,047
    Location:
    bangalore
    Ratings:
    +5,934 / -0
    DTH:
    RDTV
    A security researcher has revealed that a recently patched hole in T-Mobile's security made it possible for hackers to vacuum up all your personal account information, and all they needed was your phone number. And you probably give that out all the time. T-Mobile says the vulnerability has been corrected, but there's some question how severe the data breach might have been.


    According to Motherboard, the flaw was reported to T-Mobile by security researcher Karan Saini. T-Mobile's wsg.t-mobile.com API was misconfigured and could be queried directly with a phone number. The API would then reply with all the account data associated with that number. That included addresses, account numbers, email addresses, other numbers on the same account, and device IMSI numbers. That's basically everything you need to take over someone's account, spam them, or spear phish them.

    T-Mobile says it corrected the vulnerability within 24 hours of being notified by Saini, but that's not the end of the story. After posting the story, Motherboard was contacted by a blackhat hacker claiming the security hole was known to people in the hacking community for at least several weeks before it was fixed. These individuals used it to hijack phone numbers by requesting new SIM cards using the account information obtained via the hack. As proof, the hacker provided the reporter with his own account information from T-Mobile. That could indicate there's a database of Tmo users out there, but T-Mobile says it has no evidence of that. Of course, it didn't know about the bug in the first place either.

    T-Mobile bug gave hackers access to customer data using only a phone number
    T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number - Motherboard
     
  2. ApurbSSJ

    ApurbSSJ Moderator
    DFI Moderator

    Messages:
    22,723
    Location:
    Patna
    Ratings:
    +8,381 / -0
    DTH:
    GTPL DCPL HD
    Bad News for T-Mobile Users..
     
    • Like Like x 1
  3. Technoglitch

    Technoglitch Administrator
    DTH Forum India Staff

    Messages:
    59,477
    Location:
    Chennai
    Ratings:
    +15,204 / -0
    DTH:
    ADTV,D2h,RDTV
    serious issues about the leak
     
    • Like Like x 1

Share This Page

  • About Us

    DTH Forum India is India's Fastest Growing DTH, Digital Cable & Entertainment Discussion Forum. It provides a platform to share and gain knowledge related to Telecom, Broadband, Digital Cable, DTH, Mobiles, Tablets including all other Social and Political Topics. Our community pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.