Skip to main content

T-Mobile users say other people’s account information is appearing in their app

T-Mobile users say other people’s account information is appearing in their app


T-Mobile customers are reportedly seeing other customers’ sensitive data, including contact numbers, device IDs, and credit card information when logging into their own accounts.

Share this story

Illustration of the T-Mobile logo, the letter T in a pink box with two squares on either side of it, in front of a blue and aqua background.
T-Mobile has yet to offer an explanation for the issue.
Illustration: Alex Castro / The Verge

There’s some weirdness happening over at T-Mobile this morning. Multiple T-Mobile customers on X (formerly Twitter) and Reddit have reported that they’re able to see other users’ account data — including their current credit balance, purchase history, credit card information, and home address — when signing into their own T-Mobile accounts.

Some T-Mobile customers have mentioned seeing information from several other accounts, but the scale of the issue isn’t yet clear. It’s prevalent enough that the T-Mobile subreddit has asked its users to avoid posting any further information for “security reasons.”

T-Mobile later blamed the issue on a “technology update” glitch and said the problem had been fixed as of Wednesday afternoon. “There was no cyberattack or breach at T-Mobile. This was a temporary system glitch related to a planned overnight technology update involving limited account information for fewer than 100 customers, which was quickly resolved,” T-Mobile spokesperson Tara Darrow said in a statement emailed to The Verge.

The company has already had multiple security lapses this year, disclosing two separate cybersecurity attacks in January and May.

Here’s a selection of complaints:

Update September 20th, 7:30AM ET: This article has been updated to reflect that T-Mobile has now acknowledged the issue.

Update September 20th, 2:35PM ET: Updated with comment from T-Mobile saying the issue had been resolved and was not a security breach.