One of the biggest security breaches of the year at one of the biggest telco providers of the world. T-Mobile. They reported that 76 million users data could be exposed.

The problem was with the API. When someone searched for someone else’s number. API send back the data that included  the searched numbers user data.

The data included:

  • Email address
  • IMSI network code
  • billing account data
  • More

All you needed to know is the users’ phone number. The bug was known and exploited for “quite a while” said the report on the source below.