One of the biggest security breaches of the year at one of the biggest telco providers of the world. T-Mobile. They reported that 76 million users data could be exposed.

The problem was with the wsg.t-mobile.com API. When someone searched for someone else’s number. API send back the data that included  the searched numbers user data.

The data included:

  • Email address
  • IMSI network code
  • billing account data
  • More

All you needed to know is the users’ phone number. The bug was known and exploited for “quite a while” said the report on the source below.