Trump Mobile probing second major data leak — additional breach allegedly exposes personal info of 27,000 pre-order customers

3 weeks ago 10

Trump Mobile’s preorder site exposed around 27,000 customer records due to a checkout flaw that logged entries even without completed purchases
Leaked data included names, addresses, emails, and phone numbers, raising phishing risks, though no payment or highly sensitive info was compromised
Trump Media confirmed the issue and is investigating with external cybersecurity experts; no evidence yet of malicious access or active attacks

The website of Trump Mobile was apparently leaking contact information from people who preordered the device, as well as those who only went halfway through the process - with around 27,000 people having some personal data exposed.

A software developer, who wanted to stay anonymous, found a flaw in the Trump Mobile website and reported it to the company - a separate programmer, Jonathan Soma, told The Guardian the Trump Mobile website used a “common e-commerce model”, that generated a new entry in the database every time someone visits the checkout page, even if they don’t proceed with the purchase.

“I probably started three phone purchases and didn’t buy any of them,” he said. Since the database contains 27,224 entries, it’s safe to assume that the number of affected people is somewhat smaller.

Investigating the claims

Trump Media confirmed the findings and said it was looking into it “with the assistance of independent cybersecurity professionals.”

So far, it was confirmed that the site leaked people’s names, addresses, and phone numbers, which is just enough information to launch a relatively successful phishing campaign. There is no evidence, however, of malicious actors obtaining this database, and no reports of actual phishing attacks taking place right now.

“Based on the available information, we have not identified evidence that Trump Mobile’s systems, infrastructure, or network were directly compromised,” the company told the publication in a statement. The investigation remains ongoing.”

Sensitive data was most likely not compromised: “At this time, the incident does not appear to involve Trump Mobile payment card information, banking information, Social Security numbers, call records, text messages, or other highly sensitive financial data.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

At this time, the impacted information appears to be limited to certain customer details, including names, email addresses, mailing addresses, order identifiers and mobile phone numbers.”

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article