T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Until last week, a bug on a T-Mobile website let hackers access personal data such as email address, a customer's T-Mobile account number, and the phone's IMSI, a standardized unique number that identifies subscribers. On Friday, a day after Motherboard asked T-Mobile about the issue, the company fixed the bug. The flaw, which was discovered by security researcher Karan Saini, allowed malicious hackers who knew -- or guessed -- your phone number to obtain data that could've been used for social engineering attacks, or perhaps even to hijack victim's numbers. "T-Mobile has 76 million customers, and an attacker could have run a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users," Saini, who is the founder of startup Secure7, told Motherboard in an online chat. "That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim," he added.

Re:Hacker?

[TooMuchToDo]

The US government considers it so, and prosecutes for it.

"A hacker charged with federal crimes for obtaining the personal data of more than 100,000 iPad owners from AT&T’s publicly accessible website was sentenced on Monday to 41 months in prison followed by three years of supervised release."

https://www.wired.com/2013/03/...