A T-Mobile API exposed client data from any client, and all you needed was a phe number, according to ZDNet. T-Mobile closed the API after it was reported by the company's bug program and stated that there was no evidence data was actually accessed.
In a statement, T-Mobile said:
researchers can alert us to vulnerabilities, which has happened here, and we support this type of respsible and coordinated disclosure. The bug has been fixed as so as possible and we have no proof that customer information has been csulted, "added the spokesman.
We have already traveled this road
Of course, T-Mobile said the same thing. a similar API a different subdomain that appeared in October 2017. Motherboard then reported that although T-Mobile stated that there was no evidence accessed , the data was accessible.
address, billing account number and tax identificati information (where relevant, eg businesses). Oh, and your PIN to ctact customer support, which could have allowed the bad guys to hack into your account. And, of course, users reuse PINs at least as often as they re-use passwords.
Do not reuse passwords or PINs. Do not do that. DO NOT
Also, change your T-Mobile password and make sure you never reuse passwords a site.