A security flaw in Apple’s online store exposed the account PINs of more than 72 million T-Mobile customers, according to BuzzFeed News.
Security researchers Phobia and Nicholas “Convict” Ceraolo discovered the problem. They also found a similar flaw in the website for phone insurance company Asurion that exposed AT&T account PINs.
Apple’s verification process while checking out allowed for infinite attempts at the account PIN, allowing hackers to continuously attempt gaining access to your account if you’re on the T-Mobile network. The problem may have been due an engineering mistake made when linking a T-Mobile application programming interface to Apple’s website, Ceraolo said.
