No password required: Mobile carrier exposes data for millions of accounts | Ars Technical

data-leak-800x534 No password required: Mobile carrier exposes data for millions of accounts | Ars Technical

Enlarge (credit: Getty Images)

Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows.

Dania, Florida-based Q Link Wireless is what’s known as a Mobile Virtual Network Operator, meaning it doesn’t operate its own wireless network but rather buys services in bulk from other carriers and resells them. It provides government-subsidized phones and service to low-income consumers through the FCC’s Lifeline Program. It also offers a range of low-cost service plans through its Hello Mobile brand. In 2019, Q Link Wireless said it had 2 million customers.

The carrier offers an app called My Mobile Account (for both iOS and Android) that customers can use to monitor text and minutes histories, data and minute usage, or to buy additional minutes or data. The app also displays the customer’s:

Read 11 remaining paragraphs | Comments

index?i=OfDRoWTp4O4:aGP1hSq2S-A:V_sGLiPBpWU No password required: Mobile carrier exposes data for millions of accounts | Ars Technical index?i=OfDRoWTp4O4:aGP1hSq2S-A:F7zBnMyn0Lo No password required: Mobile carrier exposes data for millions of accounts | Ars Technical index?d=qj6IDK7rITs No password required: Mobile carrier exposes data for millions of accounts | Ars Technical index?d=yIl2AUoC8zA No password required: Mobile carrier exposes data for millions of accounts | Ars Technical

Read More

Leave a Reply