MetroPCS site flaw exposed the data of 10 million subscribers

It's not just hacks that put your personal data out in the open -- sometimes, it's just poor coding. Security researchers Eric Taylor and Blake Welsh have shown Motherboard a MetroPCS website bug that, until it was fixed this month, made it easy to get sensitive info for over 10 million subscribers. All you needed was a phone number to get a person's home address, phone serial number and more. And if you weren't picky, you could have whipped up a script to harvest all of the data within two days.

There's no evidence that someone discovered the bug before the researchers did, so you can likely relax if you're a MetroPCS customer. However, this is the latest in a string of discoveries (Taylor and Welsh previously found flaws at telecoms like Comcast and Verizon) that suggests these companies haven't been very good at keeping your data under wraps. The worry is that thieves will find another flaw on this scale before your provider has a chance to patch it.

[Image credit: AP Photo/Mary Altaffer]