Lorenzo Franceschi-Bicchierai reports:
Hackers could have hijacked and taken control of T-Mobile’s customer accounts thanks to a severe bug on the company’s website.
The vulnerability was found and reported by a security researcher on December 19 of last year, but it hasn’t been revealed until now. Within a day, T-Mobile classified it as “critical,” patched the bug, and gave the researcher a $5,000 reward. That’s good news, but it’s unclear how long the site was vulnerable and whether any malicious hackers found and exploited the bug before it was fixed.
Read more on Motherboard.