Trump Mobile probing second major data leak — additional breach allegedly exposes personal info of 27,000 pre-order customers

News
By published

Trump Mobile website had a worrying vulnerability

Trump Mobile
(Image credit: Trump Mobile)
  • Trump Mobile’s preorder site exposed around 27,000 customer records due to a checkout flaw that logged entries even without completed purchases
  • Leaked data included names, addresses, emails, and phone numbers, raising phishing risks, though no payment or highly sensitive info was compromised
  • Trump Media confirmed the issue and is investigating with external cybersecurity experts; no evidence yet of malicious access or active attacks

The website of Trump Mobile was apparently leaking contact information from people who preordered the device, as well as those who only went halfway through the process - with around 27,000 people having some personal data exposed.

A software developer, who wanted to stay anonymous, found a flaw in the Trump Mobile website and reported it to the company - a separate programmer, Jonathan Soma, told The Guardian the Trump Mobile website used a “common e-commerce model”, that generated a new entry in the database every time someone visits the checkout page, even if they don’t proceed with the purchase.

“I probably started three phone purchases and didn’t buy any of them,” he said. Since the database contains 27,224 entries, it’s safe to assume that the number of affected people is somewhat smaller.

Latest Videos From

Investigating the claims

Trump Media confirmed the findings and said it was looking into it “with the assistance of independent cybersecurity professionals.”

So far, it was confirmed that the site leaked people’s names, addresses, and phone numbers, which is just enough information to launch a relatively successful phishing campaign. There is no evidence, however, of malicious actors obtaining this database, and no reports of actual phishing attacks taking place right now.

“Based on the available information, we have not identified evidence that Trump Mobile’s systems, infrastructure, or network were directly compromised,” the company told the publication in a statement. The investigation remains ongoing.”

Sensitive data was most likely not compromised: “At this time, the incident does not appear to involve Trump Mobile payment card information, banking information, Social Security numbers, call records, text messages, or other highly sensitive financial data.

At this time, the impacted information appears to be limited to certain customer details, including names, email addresses, mailing addresses, order identifiers and mobile phone numbers.”

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.