T-Mobile users say other people’s account information is appearing in their app

fne8w2ah@lemmy.world to Technology@lemmy.world – 244 points –
T-Mobile users say other people’s account information is appearing in their app
theverge.com
18

T-Mobile decided it's just easier if they leak your info themselves, rather than let someone else leak it for the 3rd time this year.

As someone who worked (third party) for T-Mobile a good 15ish years ago: Why am I not surprised that the company that I used to take phone calls for regarding other peoples shit appearing on their online photo roll on the website somehow is having this problem?? 😆

Online Photo Roll? Do they have a photos cloud backup or what?

You, at least (again) 15ish years ago, could upload photos you took to your account on the tmobile website. Don't remember if it was meant as a backup or some other purpose. Just remember being able to, as a CSR, check said photos when people would call in for issues with their bills and shit. Was funny lol.

This happened where I work. An inexperienced team was making changes to a shared code base. They made changes to make usernames case insensitive, without thinking about them ready being case sensitive. So if you logged in with user CAT123, you might get cat123's info. And then I was left on the team that had to clean up their mess and find and understand the impact.

Whoever ever thought that case sensitivity is a good idea ever in any place or time whatsoever, can go to hell. Including but not limited to Unix systems.

I hadn't given it much thought as so many of the legacy systems I worked with were case sensitive. But I'm with you. Except for passwords.

And they want my bank account information to get that auto pay discount? No thanks.

Exactly. As soon as the phones on our account are paid off one by one they will leave the t-mobile account. Too bad, I was their perfect customer. Never missed a payment, upgraded and financed phones and devices, generally had a ok experience. That has changed. I had to call in to find out how to get a Port Pin, and the rep was in an office so loud I could barely hear them, and it certainly was not a US based rep.

Their app is trash. It has been telling prepaid customers they are working on an update to the app that will support them for 3-4 years now.

This is the best summary I could come up with:


Multiple T-Mobile customers on X (formerly Twitter) and Reddit have reported that they’re able to see other users’ account data — including their current credit balance, purchase history, credit card information, and home address — when signing into their own T-Mobile accounts.

Some T-Mobile customers have mentioned seeing information from several other accounts, but the scale of the issue isn’t yet clear.

It’s prevalent enough that the T-Mobile subreddit has asked its users to avoid posting any further information for “security reasons.”

T-Mobile later blamed the issue on a “technology update” glitch and said the problem had been fixed as of Wednesday afternoon.

This was a temporary system glitch related to a planned overnight technology update involving limited account information for fewer than 100 customers, which was quickly resolved,” T-Mobile spokesperson Tara Darrow said in a statement emailed to The Verge.

The company has already had multiple security lapses this year, disclosing two separate cybersecurity attacks in January and May.


The original article contains 223 words, the summary contains 160 words. Saved 28%. I'm a bot and I'm open source!

23 years later and we still can’t sure their asses off. Complete bullshit. Is this another private equity purchase? Private equity companies should be made illegal today.

1 more...

I've been getting data limit alerts for a few months now for a device that isn't on my account. I couldn't find a way to tell T-Mobile about it, unless I wait on hold for a phone call. Fuck that.

seems like this is an area that a nice "arrangement" could be made, that is, US congress: you grant T-Mobile their band 41 licenses that are being held up by your own incompetence in exchange for T-Mobile actually addressing their own repeated incompetence involving anything related to data security. sell it to the public under the guise that it would be detrimental to the US consumer by letting T-Mobile continue to expand their public reach while completely ignoring the importance of data privacy and security of said public... and you can go on taking bribes from AT&T and Verizon in the meantime, dunno, sounds like a win-win to me.