T-Mobile App Glitch Exposes User Data: Data Privacy Concerns Arise


September 21, 2023

Today, T-Mobile users reported an alarming issue where they were able to view the account and billing details of other customers upon accessing the company’s official mobile app.

Social media posts from these users highlighted that the revealed data consisted of customer names, phone numbers, residential addresses, outstanding balances, and partial credit card details, including expiration dates and the final four digits.

The Verge was the first to shed light on the situation, noting that certain users could view the confidential data of several other customers while accessing their own accounts. Notably, while a surge in such reports became evident today on platforms like Reddit and Twitter, some assert that they’ve noticed this problem persisting for the past fortnight.

“I flagged this concern when it initially emerged on Reddit about two weeks ago, even providing images of the other user’s data to their security team. Astonishingly, no feedback was given,” voiced one of the users.

Another stated, “I’ve previously communicated this concern to T-Mobile staff, and also mentioned an issue where I was misdirected to the metro activation line whenever my phone service was on hold.”

Contrary to what might be a popular assumption, T-Mobile clarified that this was not a result of a cyberattack, and no breaches in their systems had taken place.

Furthermore, despite extensive reports from customers who said they were affected, T-Mobile has indicated that the scope of this incident was minimal, affecting fewer than 100 customers.

A T-Mobile representative informed BleepingComputer, “This isn’t the outcome of any cyber intrusion or system compromise at T-Mobile. The issue stemmed from a short-lived system glitch during a scheduled overnight tech update that impacted a minimal number of accounts, fewer than 100 in total. Prompt action was taken to rectify it.”

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
