'Critical' T-Mobile Bug Allowed Hackers To Hijack Users' Accounts (vice.com) 16
An anonymous reader quotes a report from Motherboard: The vulnerability was found and reported by a security researcher on December 19 of last year, but it hasn't been revealed until now. Within a day, T-Mobile classified it as "critical," patched the bug, and gave the researcher a $5,000 reward. That's good news, but it's unclear how long the site was vulnerable and whether any malicious hackers found and exploited the bug before it was fixed. The newly disclosed bug allowed hackers to log into T-Mobile's account website as any customer. "It's literally like logging into your account and then stepping away from the keyboard and letting the attacker sit down," Scott Helme, a security researcher who reviewed the bug report, told Motherboard in an online chat. Shortly after we published this story, a T-Mobile spokesperson sent us a statement: "This bug was confidentially reported through our Bug Bounty program in December and fixed within a matter of hours," the emailed statement read. "We found no evidence of customer information being compromised."
Correct use of "literally" (Score:3)
"It's literally like logging into your account and then stepping away from the keyboard and letting the attacker sit down," Scott Helme, a security researcher who reviewed the bug report, told Motherboard in an online chat.
Someone please give this gentleman a pat on the back for correct use of the word "literally."
Note: I am not being sarcastic or pedantic. It is just that it is such an oft-misused word that it is nice to see it used correctly.
But incorrect use of the "post article" button (Score:2)
Correct use of "literally"
But incorrect use of the "post article" button.
This is a dupe:
https://news.slashdot.org/stor... [slashdot.org]
Re: (Score:3)
Check this out: https://www.merriam-webster.com/words-at-play/misuse-of-literally [merriam-webster.com]
That was far more interesting than anything else I've read on /. today.
We have top people working on this. TOP PEOPLE! (Score:3)
"We found no evidence of customer information being compromised."
You really have to wonder how hard they actually looked for evidence, and how good their security and logging is if they did not actually find anything...
Re: (Score:2)
That explains the text (Score:2)
They sent out some SMS alert earlier this month talking about "an industry-wide phone number port out scam"
https://www.t-mobile.com/custo... [t-mobile.com]
Not really related, sure, but a good smoke screen... "everyone is having security issues", I suppose.
Re: (Score:2)
They sent out some SMS alert earlier this month talking about "an industry-wide phone number port out scam"
https://www.t-mobile.com/custo... [t-mobile.com]
I noticed that happened right after that story about [slashdot.org] the man who lost the cryptocurrency after his (2FA used) T-Mobile number was ported to an attacker's account on AT&T because the T-Mobile rep got social engineered, it sounds like.