66.7 F
Washington D.C.
Monday, May 29, 2023

T-Mobile Data Breach Shows Importance of Securing Internal Tools

A bug found on T-Mobile’s website allowed anyone with a customer’s phone number to access their name, address, billing account number, security PIN, and even tax identification numbers in some cases, ZDNet exclusively reported Thursday.

The flaw, which has since been patched, was found in a T-Mobile subdomain that employees use as a customer care portal to access internal tools. However, anyone could search for the subdomain — promotool.t-mobile.com — and a hidden API would display customer data if that person’s cell phone number was added to the end of the web address, ZDNet reported.

Though intended for employee use, the subdomain was not protected by a password, allowing anyone to access this information and, by extension, customer accounts and data.

The issue highlights the importance of securing internal tools at any business. For one, the subdomain should not have been on a public IP address, but behind a firewall for more protection. There also should have been some form of authentication required to access the portal and information.

Read more at TechRepublic

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles