We appreciate responsible reporting of bugs through our Bug Bounty program and encourage researchers to contact us if they find anything. To help put your mind at ease, there is no evidence that customer data has been exposed. We take account security and privacy very seriously and there are many things you can do to protect your information. You can review tips on managing your privacy here: Privacy Resources | Your Privacy & Marketing Choice | T-Mobile
The report begs to differ that no customer data has been exposed:
"Although T-Mobile said at the time it found "no evidence" that customer data was stolen, it later transpired that hackers already found the exposed API and had been exploiting the bug for weeks. The hackers proved this by providing the Motherboard reporter with his own data."
I appreciate the follow-up/reply, tmo_chris , but maybe we can agree to disagree?
This has also been posted at TmoNews:
Would like to know if T-Mobile suggests that customers need to change their account PINs. If so, please let all customers know ASAP.
Setting up additional layers of security such as pins, passwords, and port out security is something that we always suggest to our customers. If you would like to set up these additional layers of security, you can reach out to our care teams over the phone or on social (Facebook/Twitter) Contact Us
So we've (many customers) already setup multiple layers of security with our T-Mobile ID, including (but not limited to) port out security PINs, passwords, security questions and optionally, 2-step verification. Still, our T-Mobile customer account data was breached (including PINs). And reach out to social media? Secure? Private? What?
Privacy and security must be the #1 focus of T-Mobile and every other company, especially communication companies.
Then let's focus on technology (best of breed, etc.), lowest cost (best value) and ease of use (see #1 focus first).
Take care and best wishes.