Apple Store Security Vulnerability Exposed 77 Million PIN Codes Of T-Mobile Clients In The US

A security vulnerability on the Apple Store website has exposed the PIN codes of over 77 million T-Mobile customers, but it didn’t affect Verizon, Sprint, or AT&T users.

The security flaw was uncovered by IT security researchers Phobia and Nicholas Ceraolo, who also discovered a related vulnerability on the Asurion phone company’s site, which disclosed the PIN codes of AT&T clients.

Apple addressed the security flaw and showed gratitude to the IT specialists that founded the issue

Apple and Asurion have since corrected the vulnerabilities of their websites. Apple opted not to comment further on the current situation, but told BuzzFeed News it is “very grateful to the researchers who found the flaw.” The PIN code, which is private, is an extra security feature used by numerous operators in the US.

The mobile device PIN codes are the ultimate defense line for a cellular account, as carriers ask for the code to verify changes made in accounts.

Apple Store security vulnerability exposed 77 million PIN codes of T-Mobile customers in the US

That is a big issue for those 77 million T-Mobile customers, mainly as SIM hacking, that uses social engineering to get technical assistance personnel to move a customer’s phone number to a new SIM card, is getting increasingly common because of the large number of accounts, such as bank, e-mail, social networks, and many more, linked to a phone number.

On the other hand, the other affected website, belonging to Asurion, also tackled the issue.

“Asurion takes the customer security and privacy very seriously, and as such we have an ongoing, layered security program in place to prevent security issues. We are investigating the researcher’s concerns, but have immediately implemented measures to address these concerns to ensure customers’ accounts are safe again,” stated one of the Asurion’s spokespersons.

On the other hand, T-Mobile also faced a recent data breach in which aggressors could access “certain data.”

You might like

About the Author: Anna Galvez

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.