Hacking, AppSec, and Bug Bounty newsletter
2017-10-12 | T-Mobile bug, Dow Jones AWS config error, and Over the Air Vol 2, Part 3
Thursday, October 12
T-Mobile website bug exposed customers’ email addresses, their billing account numbers, and the phone’s IMSI numbers. Kudos to T-Mobile who acted fast in fixing the bug.
Restricted User is able to edit Alert Conditions of Synthetics Monitors even if Synthetics Permissions is enabled by an admin [5 upvotes] - no bounty for this report to New Relic by @jon_bottarini.
Twitter, Zomato, Adobe, GrabTaxi, Slack, Vimeo and more published reports on Hacktivity in the past 24-hours.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
@shahmeer-amir, @geekboy, @cablej, @cachemoney at Hacken
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim