In mid-October, security researchers found a glaring flaw on the payment page of MetroPCS, a contract-free cell carrier owned by T-Mobile with 10 million customers. Using only a customer's phone number, a snoop could see the person's name, address, what plan they were signed up for and even what phone they had.
Using that data, it would be simple for a scammer to call the person and trick them out of more information. Also, they could pretend to be that person on the phone and break into other accounts they might own. Even worse, people trying to escape from an abusive relationship or stalker could have had their new address exposed.
A clever hacker wouldn't even need to know someone's phone number. They could just write a program that submitted random phone numbers and pulled the data whenever a phone number turned out to be a MetroPCS subscriber. Of course, there isn't evidence that happened.
Once researchers Eric Taylor and Blake Welsh let T-Mobile know about the flaw, it was quickly fixed. So the flaw no longer exists, but there's no telling how long it was active. If you're a MetroPCS customer, be on your guard against suspicious phone calls by learning the signs of a phone scam. You'll also want to keep an eye on your other online accounts.