T-Mobile has a ‘bug-bounty-program’ and a security researcher by the name of Ryan Stevenson was awarded $1000.00 for discovering a ‘bug’ in one of T-Mobile’s online tools in early April of 2018.
How nice…
The tool is known as ‘promotool.t-mobile.com’.
The ‘bug’ allows anyone who has your cell phone number, to simply add your cell phone number to the end of this ‘tool’, and your personal details would have been revealed, such as full names, postal addresses, billing account numbers, and in some cases, tax identification numbers.
Most alarming, the breach may have also revealed PIN Numbers and security questions that are used when calling customer support.
How did this happen?
Quite simply, the ‘tool’ was not password protected!
Of course, a T-Mobile representative said that “the bug was patched as soon as possible and [they] have no evidence that any customer information was accessed.”
THE BREACH WAS DISCOVERED IN EARLY APRIL OF 2018 BY AN OUTSIDE SOURCE!
IT HAS BEEN OVER 30 DAYS!
HOW CAN THAT STATEMENT BE EVEN REMOTELY TRUE!
T-Mobile does not know for how long the online ‘tool’ was accessible before April of 2018. On top of that, they do not know how much data was stolen.
Hackers who have stolen your personal data can now reset passwords to your other accounts and change your account settings.
If this is not enough, you can now fall victim to port-out scams or SIM card scams.
These are multi-million and multi-billion dollar private companies and they cannot keep your data safe and protected.
T-Mobile’s motto is ‘IT’S YOUR DATA… KEEP IT’
How can we ‘KEEP IT’ if YOU cannot keep it safe!
STOP PUTTING YOUR PERSONAL DATA ONLINE PEOPLE!