T-Mobile’s long-running security problems are back in the spotlight after a tech security engineer revealed what appeared to be a serious flaw exposing customer phone numbers. The issue reportedly appeared on a promotions page, where a dropdown menu surfaced with far more numbers than any single customer should have access to. For customers already accustomed to breach notifications, the discovery felt like yet another warning sign.
The incident came to light after Jake Ashton, a security engineer at Arctic Wolf, shared a screenshot on LinkedIn showing the apparent flaw. According to Ashton, entering a first and last name prompted the system to display a dropdown menu of phone numbers. The sheer volume of numbers visible raised immediate concerns about how broadly customer data might be exposed.
According to the Daily Dot, the post quickly sparked outrage among customers, many of whom saw the issue as part of a much larger pattern. T-Mobile has suffered confirmed hacks nearly every year between 2015 and 2023, with claims of another massive breach involving tens of millions of records surfacing as recently as 2025.
This discovery only added to the sense that deeper issues remain unresolved
Ashton publicly criticized the company, suggesting that practices like this help explain why T-Mobile continues to experience security failures. He later removed the original screenshot after someone whose number appeared in the image asked him to take it down, but followed up with a detailed explanation of how he tested the page.
He said he was not logged in when the dropdown appeared and used DuckDuckGo to ensure no cached credentials were involved. To rule out user-specific behavior, he also had a friend who was not a T-Mobile customer test the page and see the same result. Ashton said he contacted T-Mobile but was unimpressed by the response, adding that repeated breaches have left him deeply frustrated as a customer.
T-Mobile responded by downplaying the scope of the issue, saying it deployed a fix over the weekend. A spokesperson described the problem as a “very narrow edge condition” that could occur after converting a consumer account into a business account. According to the company, only an authenticated user might have seen a limited list of numbers associated with that same business account, and no other personal data was exposed.
That explanation did little to calm public reaction. Social media users accused the carrier of negligence, with some linking the flaw to the volume of spam calls they receive. Others openly discussed joining a class action lawsuit, reflecting a broader public distrust that has also surfaced in unrelated controversies, from celebrity backlash stories like the petition to deport Nicki Minaj to political fights over tech regulation such as Trump and DeSantis’s quarrel.
Published: Dec 30, 2025 06:00 pm