Security flaw exposes personal data tied to Trump-linked smartphone,
Trump Mobile, the wireless company tied to President Donald Trump, is under fire after customer information was exposed online through a major security flaw linked to a third-party platform provider.
The issue came to light on Tuesday after YouTubers Stephen Findeisen and Charles Christopher White Jr published videos about the vulnerability, claiming a researcher had contacted them after discovering customer details tied to orders for the company’s gold-colored T1 smartphone were accessible online.
Findeisen said he decided to go public after receiving no response from Trump Mobile. ‘There’s a public interest in letting people know: Do not order on TrumpMobile.com unless you’re ready for your information to be leaked. It’s basically that bad,’ he said.
A Trump Mobile spokesperson confirmed the incident to the Daily Mail, saying: ‘We are aware of recent public reports regarding the potential exposure of limited customer information associated with a third-party platform provider that supports certain Trump Mobile operations.’
The spokesperson said the exposed information appeared to include names, email addresses, mailing addresses, phone numbers and order identifiers, suggesting hackers may have accessed an outside vendor’s system rather than directly breaching Trump Mobile’s own network.
‘[It] does not appear to involve Trump Mobile payment card information, banking information, Social Security numbers, call records, text messages, or other highly sensitive financial data,’ the spokesperson added.
The incident comes just days after Trump Mobile announced its gold MAGA-themed T1 Phone was finally shipping to customers following months of delays.
Last week, the company said its $499 smartphone had ‘arrived’ and that roughly 590,000 customers who paid $100 deposits would begin receiving shipping updates.
YouTubers claimed that TrumpMobile.com contained an exploitable software flaw that can leak data, including emails, physical addresses and full names
‘Out of an abundance of caution, our third-party platform provider has implemented additional safeguards and enhanced monitoring measures while the matter continues to be investigated with the assistance of independent cybersecurity professionals,’ the Trump Mobile spokesperson said.
‘Customers should remain alert for suspicious emails, text messages, or phone calls referencing Trump Mobile orders or accounts. Trump Mobile will not ask customers to provide payment information, passwords, or other sensitive information through unsolicited communications.’
Findeisen, who has 1.5 million subscribers, said in the video that he was among the customers whose personal information had been exposed in the leak.
‘Everything short of credit card numbers is being leaked through a security exploit that I’m not going to explain in detail, but it’s not complicated,’ he said.
‘Exactly how it works was explained to me. I’m not a computer expert.’
Findeisen said he was contacted over the weekend by an individual who claimed to have access to Trump Mobile customer data and warned users that their personal information was allegedly exposed online.
According to the YouTuber, the person shared details tied to his account, including mailing information and order records, along with partially redacted data belonging to other customers, to demonstrate the breach was legitimate.
Findeisen said the individual appeared more interested in getting the vulnerability fixed than publicly exposing users, and claimed they had already attempted to alert Trump Mobile without success.
Although no payment information appears to have been compromised, the vulnerability allegedly allowed access to internal order data that may reveal how many people actually signed up for Trump Mobile
After learning about the issue, Findeisen said he contacted fellow YouTuber White, who had also ordered a Trump Mobile device and allegedly found his own information exposed. White has 18 million subscribers.
Findeisen warned viewers against ordering from the company’s website, claiming the security issue was serious enough to expose customer information.
He also raised concerns about the type of data a mobile carrier could potentially collect, including browsing activity, call records and location information.
‘You know, my address is out on [TrumpMobile.com] being served up to anyone who knows this security exploit,’ claimed Findeisen.
The phone is part of Trump Mobile, a venture launched last year by the Trump Organization under a trademark licensing arrangement and promoted by Donald Trump Jr. and Eric Trump.
Its monthly 5G plan costs $47.45, an apparent nod to Trump serving as the 45th and 47th president.
‘Phones that were pre-ordered are starting to be delivered to customers this week,’ Trump Mobile CEO Pat O’Brien said last week, adding that the delay was caused by quality checks and the complicated process of bringing a phone to market.
But the announcement only came after renewed scrutiny over the terms and conditions on Trump Mobile’s website, which were quietly updated last month to state that placing a deposit ‘does not guarantee’ a device will ever be produced or made available for purchase.
Instead, the company said the deposits – reportedly totaling $59 million – merely represented a ‘conditional opportunity’ to purchase a phone if Trump Mobile ultimately decided to sell one.
The company had originally planned to launch the device last August.
Nearly 10 months later, it announced this week that the phones would begin shipping – though observers quickly noticed the company had disabled comments beneath the post.
The move may have been aimed at limiting mounting backlash over months of silence surrounding the rollout.
