An unsecured T-Mobile website made customer information available to anyone

A T-Mobile web domain left millions of customers’ account information — including their names, addresses, and sometimes tax identification numbers — unprotected for anyone to access. The website is designed as a customer care portal for employees, according to ZDNet, which first reported the security flaw, but it was available to find through search engines and required no password to access the tools.

Adding a customer’s phone number to the end of the web address yielded their full...

What feeling does this article give you?

#hashtags to follow:

ZDNet [+]    Adding [+]   

More #news: