A Trump Mobile website flaw reportedly let anyone pull customer order records, exposing personal details of people who preordered the company’s phone service and handset. According to The Register and the finder, a simple HTTP POST request to exposed application programming interface (API) endpoints returned batches of records containing names, postal addresses, email addresses, phone numbers, customer numbers, enrollment IDs, and order-channel details; no CVE is assigned, and the issue was reportedly fixed after disclosure attempts.
Why it matters: Affected customers could face phishing, impersonation, or account-targeted fraud if their contact and order data was exposed. Trump Mobile users should watch for suspicious calls, texts, and emails referencing orders or account setup, while the company should clarify scope and notify affected users if exposure is confirmed.
SecurityWeek News
2026.05.29
95% relevant
This article adds that Trump Mobile confirmed customer names, addresses, email addresses, phone numbers, and other data were exposed, and said a third-party platform provider was responsible for the exposure.
2026.05.22
100% relevant
This article appears to be the first concrete report of the Trump Mobile customer-data exposure event, including the claimed technical access method, categories of data exposed, and estimated scale.
← Back to all stories