T-Mobile bug allowed lookup of customer data
T-Mobile bug A site bug at T-Mobile uncovered a device that enabled any guest to run a telephone number and decide a client's place of residence and record PIN among other data, ZDNet reports.
The blemish has since been settled, the report notes.
While the query device wasn't unmistakably set, it was presented to all, and the subdomain where it was found (promotool.t-mobile.com) was effortlessly found on web search tools.
T-Mobile pulled the defenseless API disconnected a day after it was accounted for toward the beginning of April by a security scientist, who won $1,000 in a bug abundance program.
The bug was about indistinguishable to a comparable uncovered API issue situated on an alternate T-Mobile subdomain a year ago.