More than 10 million MetroPCS customers had their personally identifiable information put at risk by a coding error on the companies website, although to obtain the information one would have to know the phone number of a MetroPCS customer.
Armed with a subscribers phone number a potential hacker would have been able to gain access to the subscribers home address, the plan they subscribed to and their phone model and serial number. Even without a customers phone number, the information could have been obtained by someone with a little bit of coding knowledge to write an automated script to harvest the data.
With the above data a hacker would have been able to use social engineering to potentially obtain even more sensitive information such as a bank account or email account.
The bug was reportedly found by security researchers Eric Taylor and Blake Welsh in mid October and has since been fixed. MetroPCS does not believe that any subscriber data has been compromised. Still this has to be embarrassing for the company, given that it is owned by T-Mobile which had a big customer data breach of its own to deal with just several weeks ago.