Twitter, love it or hate it, can be a great tool to communicate quickly. It allows for impersonal conversation and thought sharing with users all across the world. But for T-Mobile, they made a massive blunder and tweeted not only the user name of an individual"s account but also the password, too.
A European website, webwereld.nl, picked up on the tweet and quickly called out T-Mobile for its reckless actions. T-Mobile claims that they contacted the individual to promptly change their password.
Several issues become quickly apparent, for one thing, why does the same person using the company"s Twitter account also have access to unencrypted usernames and passwords. It appears in this situation that the person running the account also has access to unmasked username and passwords which represents another issue, why aren"t passwords encrypted on T-Mobile"s database. If a hacker were able to penetrate their network, they would have access to thousands of users accounts instantly.
"[The tweet] probably should have been a direct message to the customer," says T-Mobile. "When we found out that data was revealed, we immediately removed the account and contacted the customer to explain what happened." (translated from Dutch).
T-Mobile also says that nothing happened to the users account but the user states otherwise. They say that someone changed their subscription and renewed it, and not only that, they claim they"re receiving SMS messages from unknown individuals that reference things that could only be obtained from their account.
Thanks for the tip