Trump Mobile’s T1 Phone Site Exposed Customer Data via Simple Exploit
A security flaw in Trump Mobile’s website has reportedly exposed sensitive customer data, including names, addresses, and email addresses just shy of credit card details. The vulnerability was demonstrated to YouTubers Voidzilla and penguinz0 by an anonymous source, who claimed the exploit was straightforward and allowed access to what appeared to be the entire customer database. As of the report, the data remained publicly accessible, with no response from Trump Mobile to address the issue.
The breach also revealed that pre-orders for the delayed T1 Phone stand at roughly 30,000 far below earlier estimates of 590,000. The data suggests only about 10,000 distinct customers placed orders, though some may have made multiple purchases (e.g., phone and service plan). The low order count raises questions about the product’s viability and may explain its repeated delays.
The incident compounds concerns for customers, who face both an uncertain product launch and potential exposure of their personal information. The source behind the exploit claimed no intent to misuse the data, but the unpatched vulnerability leaves it vulnerable to malicious actors.
Trump Mobile TPRM report: https://www.rankiteo.com/company/trumpia
"id": "tru1779402458",
"linkid": "trumpia",
"type": "Vulnerability",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Approximately 10,000 distinct '
'customers (30,000 pre-orders)',
'industry': 'Telecommunications/Mobile Technology',
'name': 'Trump Mobile',
'type': 'Company'}],
'attack_vector': 'Web Application Vulnerability',
'data_breach': {'number_of_records_exposed': 'Approximately 30,000 pre-orders '
'(10,000 distinct customers)',
'personally_identifiable_information': 'Names, addresses, '
'email addresses',
'sensitivity_of_data': 'High (PII exposed)',
'type_of_data_compromised': 'Customer data'},
'description': 'A security flaw in Trump Mobile’s website exposed sensitive '
'customer data, including names, addresses, and email '
'addresses. The vulnerability was demonstrated to YouTubers '
'Voidzilla and pengz0 by an anonymous source, who claimed the '
'exploit was straightforward and allowed access to the entire '
'customer database. The data remained publicly accessible with '
'no response from Trump Mobile to address the issue.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'unpatched vulnerability and data '
'exposure',
'data_compromised': 'Names, addresses, email addresses',
'identity_theft_risk': 'High',
'payment_information_risk': 'Low (credit card details not exposed)',
'systems_affected': 'Trump Mobile’s website'},
'investigation_status': 'Ongoing (unpatched as of report)',
'post_incident_analysis': {'root_causes': 'Unpatched web application '
'vulnerability'},
'references': [{'source': 'YouTube (Voidzilla and penguinz0)'}],
'threat_actor': 'Anonymous Source',
'title': 'Trump Mobile’s T1 Phone Site Exposed Customer Data via Simple '
'Exploit',
'type': 'Data Breach'}