T-Mobile website features a plug-and-play hack that could expose customers’ details

By Jules Wang May 25, 2018, 9:20 am

A T-Mobile USA website subdomain easily allowed anyone with a customer’s phone number to obtain personal information about them.

According to ZDNet, promotool.t-mobile.com was an employee tool easily accessible through search engines and was not protected by a password. Employees did specific look-ups by adding the customer’s cellphone number to the end of the address.

The look-up revealed the customer’s full name, billing address and account numbers, with tax information for some customers; account PINs for access to privileged account actions, such as canceling an account or changing personal details; and details of any overdue bills or service suspensions.


The subdomain was pulled offline after bug hunter Ryan Stevenson reported the vulnerability to the company in April for a $1,000 bounty. However, it’s not clear how long the URL was live — the Internet Archive has logged a copy of the page from last October.

T-Mobile issued a statement, a portion of which reads:

The bug bounty program exists so that researchers can alert us to vulnerabilities, which is what happened here, and we support this type of responsible and coordinated disclosure […] The bug was patched as soon as possible and we have no evidence that any customer information was accessed.

A similar exploit on T-Mobile’s site, also allowing access to personal information with just a phone number, was uncovered in October by Motherboard. It was independently verified that data was being taken through this method for weeks. The company’s prepaid subsidiary, MetroPCS, was also subject to the same number-entry exploit on its website in November 2015.
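
The look-up pattern described above (a phone number appended to the address of a tool with no password) leaves a recognizable trace in web-server access logs. The following is an added example, not code from T-Mobile, ZDNet or this article: it flags clients that successfully retrieved records for several distinct numbers without an authenticated session. The `/lookup/` path, the `session=` field, the threshold and every log line are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log. The "/lookup/" path and the trailing
# "session=" field are hypothetical; "-" means no authenticated session.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Apr/2018:10:00:01 +0000] "GET /lookup/2065550101 HTTP/1.1" 200 812 session=-
203.0.113.7 - - [01/Apr/2018:10:00:02 +0000] "GET /lookup/2065550102 HTTP/1.1" 200 799 session=-
203.0.113.7 - - [01/Apr/2018:10:00:03 +0000] "GET /lookup/2065550103 HTTP/1.1" 200 805 session=-
203.0.113.7 - - [01/Apr/2018:10:00:04 +0000] "GET /lookup/2065550104 HTTP/1.1" 200 790 session=-
198.51.100.20 - - [01/Apr/2018:10:01:00 +0000] "GET /lookup/2065550150 HTTP/1.1" 200 801 session=emp-4f2a
192.0.2.9 - - [01/Apr/2018:10:02:00 +0000] "GET /lookup/2065550101 HTTP/1.1" 200 812 session=-
192.0.2.9 - - [01/Apr/2018:10:02:30 +0000] "GET /lookup/2065550101 HTTP/1.1" 200 812 session=-
203.0.113.7 - - [01/Apr/2018:10:03:00 +0000] "GET /lookup/2065550199 HTTP/1.1" 404 120 session=-
"""

# One look-up request: client IP, 10-digit number at the end of the path,
# HTTP status, response size, session id.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"GET /lookup/(?P<msisdn>\d{10}) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \d+ session=(?P<session>\S+)$'
)


def find_enumerators(log_text, max_distinct=3):
    """Return {ip: sorted distinct numbers} for clients that received
    successful, unauthenticated look-ups for more than max_distinct numbers."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a look-up request, or a malformed line
        if m["status"] != "200" or m["session"] != "-":
            continue  # no record returned, or tied to a logged-in session
        seen[m["ip"]].add(m["msisdn"])
    return {ip: sorted(nums) for ip, nums in seen.items()
            if len(nums) > max_distinct}


if __name__ == "__main__":
    for ip, numbers in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {len(numbers)} distinct numbers looked up without a session")
```

Setting `max_distinct=0` lists every client that received any record without a session, which is the broader exposure question for a tool that had no password at all.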

