- Trump Mobile’s pre-order site exposed around 27,000 customer records due to a payment glitch that recorded entries even without completed purchases.
- The leaked data included names, addresses, emails and phone numbers, increasing phishing risks, although no payments or highly sensitive information was compromised.
- Trump Media confirmed the issue and is investigating with outside cybersecurity experts; no evidence yet of malicious access or active attacks
The Trump Mobile website was apparently leaking contact information for people who reserved the device, as well as those who only got halfway through the process: around 27,000 people had some personal data exposed.
A software developer who wanted to remain anonymous found a bug on Trump Mobile’s website and reported it to the company, said another programmer, Jonathan Soma. the guardian Trump Mobile’s website used a “common e-commerce model,” which generated a new database entry every time someone visited the checkout page, even if they didn’t continue with the purchase.
“I probably started buying three phones and didn’t buy any,” he said. Since the database contains 27,224 entries, it is safe to assume that the number of people affected is somewhat smaller.
Investigating claims
Trump Media confirmed the findings and said it was investigating them “with the help of independent cybersecurity professionals.”
So far, the site has been confirmed to have leaked people’s names, addresses, and phone numbers, which is enough information to launch a relatively successful phishing campaign. However, there is no evidence that malicious actors have obtained this database, and there are no reports of actual phishing attacks occurring at this time.
“Based on the information available, we have identified no evidence that Trump Mobile’s systems, infrastructure or network were directly compromised,” the company told the publication in a statement. “The investigation is ongoing.”
Sensitive data most likely was not compromised: “At this time, the incident does not appear to involve Trump Mobile payment card information, banking information, Social Security numbers, call logs, text messages, or other highly sensitive financial data.
At this time, the affected information appears to be limited to certain customer details, including names, email addresses, postal addresses, order identifiers and mobile phone numbers.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
