U.S carrier’s T-Mobile and AT&T recently had their customer’s account PINs compromised by two different security flaws.
BuzzFeed News reports that there was a flaw in Apple’s online store that exposed over 72 million of T-Mobile customer’s account PINs. Apple has been alerted and says that the security flaw has been resolved.
On the other hand, Asurion, a company responsible for insuring phones for various carriers, had a vulnerability that exposed account passcodes for its AT&T customers.
Account PINs are important as it acts as a form of two-factor authentication, preventing hackers from gaining access to your account, assigning your phone number to a new SIM, and using SMS verification to reset passwords to most of your accounts.
While only applicable to T-Mobile users, Apple’s verification process essentially allowed infinite attempts at the account PIN, allowing hackers to continuously attempt gaining access to your account.
For Asurion, hackers with an AT&T customer’s wireless number could gain access to a separate form that asked for the account holder’s passcode. Again, no limit was imposed on attempts, allowing hackers to infinitely attempt at the passcode. As with the vulnerability from Apple, other carriers had a limit on the amount of attempts could be made.
AT&T spokesman Jim Greer says, “In addition to the multiple layers of security we have in place to help protect our customers, we will continue to work with Asurion to investigate this. We will take any additional action that may be appropriate.”