What the heck is going on at Q Link Wireless? Dozens of our readers have recently left angry comments about Q Link here at FreeGovernmentCellPhones.net. They are outraged about the dismal state of the company’s customer service.
Now those same customers have even more to worry about: Q Link made it possible for anyone to access customers’ personal info —- including their names, addresses, phone numbers, and text and phone call history. All the person needed was a copy of the customer’s Q Link phone number.
Q Link claimed to have over 2 million customers so that’s not just an “oops,” it’s a major oops.
How did they manage to bungle this situation so badly? TheVerge.com explains:
“…the app used by the carrier and its subsidiary Hello Mobile never asked for a password or any identifying information when the user was logging on with a phone number. Looking through the reviews, there are references to the poor security practices (to put it mildly) going back to December of 2020. While it’s unclear when the credential-less login system appeared, there is an update note from two years ago that mentions an “updated login process.”
The carrier has reportedly fixed the issue — though it seems it may have done so by just turning off logins to the app altogether. Before the change, Ars was able to see, but not change, a bevy of information from a Hello Mobile customer who volunteered their phone number, including their name, address, account number, email address, and which numbers they’d contacted or been contacted by. The last one is probably the most sensitive — while the contents of texts or phone calls weren’t shown, there’s still a lot of information that can be gleaned from knowing who you talked to and when you talked to them.
The app’s description mentions that it allows users to add more minutes or data to their plans, but it’s unclear if that required extra authentication. Regardless, there’s still a ton of information that was available to anyone able to get the phone number of one of Q Link Wireless’ customers. Reportedly, Q Link Wireless hasn’t notified its customers that their information had been accessible — which seems to be a worrying trend among companies that leak user data.
There is no evidence that much damage was done nor that much personal info was exploited, but what the hey? The last thing anyone — especially the low-income customers in which Q Link specializes — needs is to have their personal info stolen.
C’mon, Q Link. What’s going on at Q Link central?
Time to clean up your act.