Hackers have been spreading around a method to access any T-Mobile customer’s personal information, including account members’ upgrade and billing information, email, IMSI and other associated phone numbers.

All it takes is rendering script with an authorized token to T-Mobile’s site and plugging in a phone number at the end of it. Exploits of this type have also affect AT&T iPad accounts and MetroPCS.

While it was first publicly reported to Motherboard by security firm Secure7, an anonymous blackhat hacker later told the said publication that the bug had been exploited since at least early August. It’s not clear if any widespread compromise has been committed or if it would have been monetarily valuable to malicious actors, but even on an individual level, it can be pretty tough.

“A bunch of sim swapping skids had the [vulnerability] and used it for quite a while,” said the hacker, to illegally steal phone numbers from people.

User location data would also be compromised through by obtaining access to the SS7 infrastructure.

T-Mobile patched the exploit last week and gave Secure7 founder Karan Saini a bounty reward of $1,000. It later stated that it “found no evidence of customer accounts affected as a result of this vulnerability.”

In 2015, Experian admitted that a breach had compromised millions of T-Mobile customers data.

You May Also Like

Should you get the Galaxy S20 or the iPhone 11?

Samsung Galaxy S20 defines the Android flagship trend in 2020, but iPhone 11 is also an excellent purchase at a lower price. So, which one should you buy?

Tons of Apple deals are available right now on Amazon and B&H

Today’s deals come from Amazon and B&H, and they have a massive selection of Apple devices on sale, plus some other interesting products

Google asks U.S. government to let it resume business with HUAWEI: Report

Ever since HUAWEI was blacklisted from doing business with Google, its Android…