No password required: Mobile carrier exposes data for millions of accounts

Dan Goodin reports:

Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows.

Read more on The Register.

Opinion: I have “featured” this story because it’s…. simply outrageous that the firm was reportedly informed more than one year ago and allowed this exposure of consumers’ personal details to continue until hounded by coverage and media attention.

A government regulator really needs to look into the allegations in Goodin’s report and open a formal investigation, if indicated.

Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
Hotel and Casino near Las Vegas Strip suffers data breach, documents say
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm
John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt

Related: