Recent T-Mobile and AT&T Data Breach Linked to Website Flaws

Published on August 25, 2018
Written by:
Nitish Singh
Image Courtesy of Lifehacker

T-Mobile suffered a recent data breach that could have exposed user data of up to 2 million of its 77 million users. According to independent research conducted and reported to Buzzfeed News, both T-Mobile and AT&T’s security flaws were due to insecure website pages. Security researchers Phobia (Ryan Ceraolo) and Convict (Nicholas Ceraolo) identified the flaws in the carriers web API.

The T-Mobile vulnerability was found in the carrier’s link to the Apple online store which allowed users to purchase Apple iPhones and 4G iPads with T-Mobile connections. Apple’s online shopping portal allowed the carrier’s users to guess the account pin unlimited times instead of a fixed number of attempts in other secure platforms. It allowed hackers to run all the possible combinations and identify the private account pins through hacking tools.

AT&T and T-Mobile Security Flaws

Image Courtesy of Buzzfeed

Once the right T-Mobile pin would be identified, it could be used to hijack the user’s SIM card and phone number with full access. Subsequently, access to the pin allows hackers to remove two-factor authentication or access private text messages with the four-digit code. Phobia and Convict also revealed that AT&T suffered a very similar vulnerability in a page that allowed users to file insurance claims. Similar to the T-Mobile exploit, hackers with access to an AT&T phone number could run all possible 4 digit pins until the correct one would be identified.

Instagram suffered a similar data breach recently with users reporting their accounts being hacked due to a flaw in how the two-factor authentication system worked. Users who use online services with PIN-based security should use physical 2FA keys or temporary access keys as an added layer of security to prevent data breaches. The telecoms have already fixed the vulnerabilities and are working towards improving data security.

What do you think about the recent data breaches suffered by the carriers? Let us know in the comments below. Also, to get instant tech updates, follow TechNadu’s Facebook page, and Twitter handle.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: