One of the biggest security breaches of the year at one of the biggest telco providers of the world. T-Mobile. They reported that 76 million users data could be exposed.
The problem was with the wsg.t-mobile.com API. When someone searched for someone else’s number. API send back the data that included the searched numbers user data.
The data included:
- Email address
- IMSI network code
- billing account data
All you needed to know is the users’ phone number. The bug was known and exploited for “quite a while” said the report on the source below.