MetroPCS site flaw exposed the data of 10 million subscribers

Sponsored Links

Jon Fingas
November 16, 2015 2:37 AM
MetroPCS site flaw exposed the data of 10 million subscribers

It's not just hacks that put your personal data out in the open -- sometimes, it's just poor coding. Security researchers Eric Taylor and Blake Welsh have shown Motherboard a MetroPCS website bug that, until it was fixed this month, made it easy to get sensitive info for over 10 million subscribers. All you needed was a phone number to get a person's home address, phone serial number and more. And if you weren't picky, you could have whipped up a script to harvest all of the data within two days.

There's no evidence that someone discovered the bug before the researchers did, so you can likely relax if you're a MetroPCS customer. However, this is the latest in a string of discoveries (Taylor and Welsh previously found flaws at telecoms like Comcast and Verizon) that suggests these companies haven't been very good at keeping your data under wraps. The worry is that thieves will find another flaw on this scale before your provider has a chance to patch it.

[Image credit: AP Photo/Mary Altaffer]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget