So we're still waiting for someone from T-Mobile to get back with us with an official comment on what happened, but
the big thing to take away from the Paris Hilton
Sidekick hacking scandal (besides all the amateur porn and celebrity cellphone numbers) is that if she didn't
"inadvertantly" give someone the password to her Sidekick, then T-Mobile didn't adequately protect the personal data of
one of their subscribers (yeah, we're getting a little heavy on you all).
We already knew that T-Mobile's security had been compromised--the hacker behind all that plead guilty last week—but in this specific case the crux of the problem is that they keep all of your contacts and data on a server and not on your Sidekick. Why? Because they want to own the data so they can hold on to you as a customer (if you can't take your emails and contacts with you, it'll be tougher to switch, right?). It's a bad practice for a lot of reasons, but at the end of the day it just makes it that much easier for a hacker—or a mischievious T-Mobile employee—to snoop around. Sure, you could theoretically use Bluetoooth or whatever to directly hack into someone's phone and grab their address book, but it's way, way harder than just yanking it off of a server somewhere. We feel bad that Avril Lavigne's personal assistant had to get her boss a new phone number on a Sunday, but that's a small price to pay if T-Mobile (and every other company that handles their customers' private data) finally gets hammered home that they need to do a lot better job securing our privacy.