- Trump Mobile’s pre-order site exposed about 27,000 customer records due to a checkout bug that logged records even without completed purchases
- Leaked data included names, addresses, emails and phone numbers, increasing phishing risks, although no payment or highly sensitive information was compromised
- Trump Media confirmed the issue and is investigating it with outside cybersecurity experts; no evidence of malicious access or active attacks yet
Trump Mobile’s website apparently leaked contact information from people who pre-ordered the device, as well as those who only went halfway through the process β with about 27,000 people having some personal data exposed.
A software developer, who wished to remain anonymous, found a bug on the Trump Mobile website and reported it to the company β a separate programmer, Jonathan Soma, said The Guardian The Trump Mobile site used a “joint e-commerce model” that generated a new record in the database every time someone visits the checkout page, even if they don’t proceed with the purchase.
“I probably started three phone purchases and didn’t buy any of them,” he said. Since the database contains 27,224 records, it is safe to assume that the number of people affected is somewhat smaller.
Investigation of the allegations
Trump Media confirmed the findings, saying they investigated it “with the assistance of independent cybersecurity professionals.”
So far, it has been confirmed that the site leaked people’s names, addresses and phone numbers, which is just enough information to launch a relatively successful phishing campaign. However, there is no evidence that malicious actors have obtained this database and no reports of actual phishing attacks taking place right now.
“Based on the information available, we have not identified evidence that Trump Mobile’s systems, infrastructure or network were directly compromised,” the company told the publication in a statement. The investigation continues.”
Sensitive data was most likely not compromised: βAt this time, the incident does not appear to involve Trump Mobile payment card information, banking information, social security numbers, call logs, text messages, or other highly sensitive financial data.
At this time, the affected information appears to be limited to certain customer information, including names, email addresses, postal addresses, order identifiers and mobile phone numbers.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
