Research has uncovered that lax security measures at some major cell phone companies in the US have left their customer data vulnerable.
The world has changed drastically in a variety of different ways over the past few decades. However, nothing compares to how much we now rely on technology in the present day. We all have smartphones which we use for almost everything, and physical money is quickly becoming a thing of the past as we make monetary exchanges online or via contactless payments.
Ironically, having a lack of physical money has actually made it easier to steal. The further we venture down the technological rabbit hole, the more concerned we become about the safety of our money, assets, and personal details. There are likely a few of you reading this right now who have had aspects of your identity stolen or even had money taken from your accounts without you even knowing about it.
What we hope for, and have quite rightly come to expect, is that those companies we entrust our details to do a good job of keeping them safe. As reported by The Verge over the weekend, it has recently come to light that some cell phone companies have not been doing that. Buzzfeed News initially reported that AT&T and T-Mobile had both inadvertently created situations that left their customers data vulnerable to hackers.
In both instances, the companies have online forms where someone can have unlimited attempts at a customer’s PIN, needing nothing more than their phone number. It’s a method known as a brute-force attack and is normally controlled by a user being blocked after having a certain number of attempts at a PIN or password. TechCrunch also reported that security researchers were able to gain access to a Sprint staff portal due to the use of weak usernames and passwords.
All three companies have responded to the revelations and claim to be putting extra measures in place to ensure that customer data is no longer vulnerable. What should also be made clear is that in no way has it been reported that customer data was breached and stolen from any of the companies mentioned above, just that researchers discovered the measures in place, or lack of, were not suitable or strong enough.