Sensitive information pertaining to more than 10 million MetroPCS customers was put at risk by the company’s web team due to some sloppy coding. The “bug” was discovered by security researchers Eric Taylor and Blake Welsh and allowed them to gain access to a person’s home address, phone serial number and additional account details simply by entering their phone number. The good news is that MetroPCS has fixed the issue on its site, and there’s no evidence that anyone with malicious intent had gained access to customer details through the company’s website.
Keeping customer data secure is a very difficult task, but there’s no excuse for sloppy coding on a public website that could potentially cause havoc to MetroPCS and all of its customers. We’re hoping that their web team will be a little more attentive in the future and that other companies are taking a second look at their websites as well.