It only takes one. We’re not talking about Lay’s potato chips or crisps. We’re tailing off a breach at the world’s largest consumer credit agency that affected 15 million T-Mobile customers. There’s now another security hole that Big Magenta’s subsidiary, prepaid carrier MetroPCS, has just finished patching up.

But if you’re one of the 10 million customers that had their data so easily accessible, there’s little comfort in finding out that the hole was a “pretty bad f*ckup on MetroPCS’s side.”

That comment comes from one hacker who found a similar bug at AT&T’s site in 2010 which yielded him 114,000 subscribers’ emails. Begs the question why you’d see this bug at another carrier some five years later.

Two researchers found that you could obtain any subscriber’s full name, home address, service plan level, your model of phone and even device serial number through this hole.

The hack could be targeted on an individual level by inputting a MetroPCS phone number onto the payments page. On a mass scale, it would be feasible to garner 10 million subscribers’ information through a rather basic script in just about two days.

Since MetroPCS is a prepaid carrier, it does not ask for Social Security numbers. However, the info obtained would be enough for a single miscreant to commit identity fraud, spoofing of conversation content.

The research team contacted the source for this story which, in turn, contacted T-Mobile about the bug before publishing its story. A T-Mobile spokesperson said that the company appreciated the “responsible disclosure,” but declined further comment.

And the good news insofar that we know is that there’s been no evidence that the information has been used or even stolen.

Source: Motherboard
Via: Engadget

You May Also Like
Huawei Mate 30 Pro review

Huawei Mate 30 Pro review: the best phone you can’t get, and that’s OK

In our Huawei Mate 30 Pro review we’re trying to answer the question of whether the phone can survive without Google support, and should you buy it?

Companies could soon get licenses to sell to Huawei

Good news for Huawei: In a recent Bloomberg interview, Commerce Secretary W. Ross said he was optimistic about reaching a “Phase One” China deal this month.

The upcoming Moto Razr has been spotted in the wild, with a huge chin

It seems that the new Moto Razr is already being caught in the wild, with a huge chin, and there’s a picture to prove it