Today, T-Mobile users reported an alarming issue where they were able to view the account and billing details of other customers upon accessing the company’s official mobile app.
Social media posts from these users highlighted that the revealed data consisted of customer names, phone numbers, residential addresses, outstanding balances, and partial credit card details, including expiration dates and the final four digits.
The Verge was the first to shed light on the situation, noting that certain users could view the confidential data of several other customers while accessing their own accounts. Notably, while a surge in such reports became evident today on platforms like Reddit and Twitter, some assert that they’ve noticed this problem persisting for the past fortnight.
“I flagged this concern when it initially emerged on Reddit about two weeks ago, even providing images of the other user’s data to their security team. Astonishingly, no feedback was given,” voiced one of the users.
Another stated, “I’ve previously communicated this concern to T-Mobile staff, and also mentioned an issue where I was misdirected to the metro activation line whenever my phone service was on hold.”
Contrary to what might be a popular assumption, T-Mobile clarified that this was not a result of a cyberattack, and no breaches in their systems had taken place.
Furthermore, in spite of the extensive reports from numerous customers about being affected, T-Mobile has indicated that the scope of this incident was minimal, implicating fewer than 100 customers.
A T-Mobile representative informed BleepingComputer, “This isn’t the outcome of any cyber intrusion or system compromise at T-Mobile. The issue stemmed from a short-lived system glitch during a scheduled overnight tech update that impacted a minimal number of accounts, fewer than 100 in total. Prompt action was taken to rectify it.”