Security researchers found vulnerabilities at AT&T, T-Mobile, and Sprint that could have exposed customer data
https://www.theverge.com/2018/8/25/17781906/att-tmobile-sprint-security-vulnerabilities-customer-information
It hasn’t been a good week for telecommunications companies: security researchers have uncovered security flaws with systems at AT&T, Sprint, and T-Mobile that could have left customer data accessible to bad actors.
Yesterday, BuzzFeed News reported two flaws that left customer information information vulnerable at AT&T and T-Mobile. In T-Mobile’s case, an “engineering mistake” between Apple’s online storefront and T-Mobile’s account validation API allowed for an unlimited number of attempts on an online form, which would allow a hacker to use commonly-available tools to guess an account PIN or the last four digits in a customer’s social security number, in what’s called a brute-force attack.