Stories
Slash Boxes
Comments

SoylentNews is people

No Password Required: Mobile Carrier Exposes Data for Millions of Accounts

posted by Fnord666 on Tuesday April 13 2021, @10:04AM   Printer-friendly
from the save-money,-get-pwned dept.
Security

upstart writes in with an IRC submission:

No password required: Mobile carrier exposes data for millions of accounts:

Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier's network, an analysis of the company's account management app shows.

Dania, Florida-based Q Link Wireless is what's known as a Mobile Virtual Network Operator, meaning it doesn't operate its own wireless network but rather buys services in bulk from other carriers and resells them. It provides government-subsidized phones and service to low-income consumers through the FCC's Lifeline Program. It also offers a range of low-cost service plans through its Hello Mobile brand. In 2019, Q Link Wireless said it had 2 million customers.

The carrier offers an app called My Mobile Account (for both iOS and Android) that customers can use to monitor text and minutes histories, data and minute usage, or to buy additional minutes or data. The app also displays the customer's:

  • First and last name
  • Home address
  • Phone call history (from/to)
  • Text message history (from/to)
  • Phone carrier account number needed for porting
  • Email address
  • Last four digits of the associated payment card

[...] No password required . . . what?

Original Submission

This discussion has been archived. No new comments can be posted.
No Password Required: Mobile Carrier Exposes Data for Millions of Accounts | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: -1, Troll) by Anonymous Coward on Tuesday April 13 2021, @11:23AM

    by Anonymous Coward on Tuesday April 13 2021, @11:23AM (#1136940)

    See subject: I am issuing a fatwa for a Jihad against TMB for his many crimes against me & others.

    It's time to make TMB pay for his crimes. Resign or face the wrath of Jihad.

    APK

    P.S.=> I can stop SN's server any time I want & everyone knows it... apk

  • (Score: 1, Touché) by Anonymous Coward on Tuesday April 13 2021, @12:52PM (1 child)

    by Anonymous Coward on Tuesday April 13 2021, @12:52PM (#1136964)

    In fact, it was the most-requested feature by both the FBI *and* the CIA (for some reason, the NSA didn't bother requesting it).

    • (Score: 3, Touché) by maxwell demon on Tuesday April 13 2021, @02:35PM

      by maxwell demon (1608) on Tuesday April 13 2021, @02:35PM (#1137010) Journal

      for some reason, the NSA didn't bother requesting it

      At least not publicly.

      --
      The Tao of math: The numbers you can count are not the real numbers.

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday April 13 2021, @03:34PM

    by Anonymous Coward on Tuesday April 13 2021, @03:34PM (#1137028)

    This is an Obamaphone service provider. If the government is paying for this, I'd expect the police to have unfettered access when they come across an Obamaphone at a crime scene.

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday April 13 2021, @04:52PM

    by Anonymous Coward on Tuesday April 13 2021, @04:52PM (#1137057)

    are passwords racist oppression, like voter i.d.?

(1)