The privacy bug on the website of T-Mobile was examined after a security reporter reported for the same, and on Friday, the bug has been fixed. According to Karan Saini, a Security researcher, the bug was allowing hackers to access the confidential details of millions of users including their email addresses, names, IMSI network code of phone and accounts just by knowing the phone numbers of the users. The hackers could use this information for the attacks of social engineering to commandeer users’ line.
Karan Saini told reporters that, “That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim.”
T-Mobile said that there is no indication given about sharing the flaw broadly, but a little portion dedicated for the customer base had been affected. The company gave Karan Saini a reward of $1,000 in returns of reporting that bug as well as encouraged all others to claim a bug if they find any, to their website ‘email@example.com’, ‘firstname.lastname@example.org’ and email@example.com’.
The company is inviting people to report a bug, because it is a quite serious issue that it could have allowed unauthorized person or attackers to access the information. So, it must be good news for the customers of T-Mobile that the company has now fixed the bug fairly quickly, which didn’t exploited anyone with the vulnerability.
T-Mobile has stated that, “we were alerted to an issue that we investigated and fully resolved in less than 24 hours. There is no indication that it was shared more broadly.”