T-Mobile website exposed customer data, had no password protection

Reported by ZDNet, the wireless provider was storing its customers’ personal data on a website that lacked password protection and may have been vulnerable for months … The data also included customers’ account information, such as if a bill is past-due or if the customer had their service suspended … Although T-Mobile said at the time it found「no evidence」that customer data was stolen, it later transpired that hackers already found the exposed API and had been exploiting the bug for weeks.