U.S carrier T – Mobile and AT & T recently stolen customer account PIN due to two different security flaws.
According to BuzzFeed News, Apple's online store said there was a defect that more than 70 million T-Mobile customer account PINs were published. It is said that Apple has warned that security flaws have been resolved.
Although applicable only to T-Mobile users, Apple's verification process during checkout permits infinite attempts at the account PIN and allows hackers to continually attempt to access the account.
Meanwhile, Asurion, a company that guarantees phones of various carriers, was vulnerable to disclosing an account PIN to AT & T customers.
In Asurion, a hacker with a wireless number of AT & T's customer may access another form requesting the account owner's passcode. Again, there were no restrictions on attempts so that hackers could try pass code indefinitely. As with Apple's vulnerabilities, there was a limit to the amount that other carriers could try.
Jim Greer's AT & T spokesman said, "In addition to preparing multiple security layers to protect customers, we will continue to investigate with Asurion and take additional actions that we believe are appropriate" .
Account PIN is important as it acts as a type of two-factor authentication, prevents access to hacker's account, assigns phone number to new SIM, and uses SMS validation to reset passwords to most accounts .
Subscribe to YouTube's 9to5Mac and Apple's news more: