- Trump Mobile’s pre-order site exposed approximately 27,000 customer records due to a payment flaw that recorded entries even without completed purchases.
- The leaked data included names, addresses, emails and phone numbers, increasing the risks of phishing, even though no payments or highly sensitive information was compromised.
- Trump Media has confirmed the issue and is investigating with external cybersecurity experts; no evidence yet of malicious access or active attacks
Trump Mobile’s website apparently leaked the contact details of people who had pre-ordered the device, as well as those who had only gone halfway through the process – with around 27,000 people having had some personal data exposed.
A software developer, who wished to remain anonymous, discovered a flaw on Trump Mobile’s website and reported it to the company – said another programmer, Jonathan Soma. The guardian The Trump Mobile website used a “common e-commerce model,” which generated a new database entry every time someone visited the checkout page, even if they didn’t complete the purchase.
“I probably started three phone purchases and didn’t buy any,” he said. Since the database contains 27,224 entries, it can be assumed that the number of people affected is slightly lower.
Investigate complaints
Trump Media confirmed the findings and said it was investigating the matter “with the assistance of independent cybersecurity professionals.”
So far, the site has been confirmed to have leaked people’s names, addresses and phone numbers, which is just enough information to launch a relatively successful phishing campaign. There is, however, no evidence that malicious actors have obtained this database, and no reports of actual phishing attacks underway at this time.
“Based on available information, we have not identified any evidence that Trump Mobile’s systems, infrastructure, or network were directly compromised,” the company told the publication in a statement. The investigation is still ongoing. »
Sensitive data was likely not compromised: “At this time, the incident does not appear to involve Trump Mobile payment card information, banking information, Social Security numbers, call records, text messages, or other highly sensitive financial data.
At the moment, the information affected appears to be limited to certain customer details, including names, email addresses, postal addresses, order IDs and mobile phone numbers.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.