Giving your personal data to a Trump-branded phone service just became a lot riskier. YouTuber penguinz0 revealed that TrumpMobile.com is “leaking customer information” through a vulnerability that exposes names, mailing addresses, emails, and phone numbers of everyone who preordered the T1 Phone. While credit card numbers remain protected, hackers can reportedly scrape the entire customer database and even place fake orders. Your contact details are essentially sitting in a digital fishbowl for anyone who knows where to look.
The Scope of Exposure
Around 10,000 customers have personal contact information accessible to attackers.
The anonymous security researcher who discovered this flaw didn’t just stumble across random data—they could search through every customer record and proved their access by showing penguinz0 and other affected users their real order details. This suggests classic broken access control, where the website fails to properly limit what information any visitor can query.
According to OWASP security guidelines, these “insecure data storage” vulnerabilities happen when developers assume no one will access systems they shouldn’t. Trump Mobile apparently made that assumption and lost. The company hasn’t responded to multiple disclosure attempts, forcing public warnings.
Carrier Confusion Won’t Save You
Trump Mobile’s web security problems are separate from T-Mobile’s network infrastructure.
Before you blame T-Mobile, remember that Trump Mobile operates as an independent MVNO that just licenses T-Mobile’s network. The preorder website and customer database are Trump Mobile’s responsibility, not T-Mobile’s.
That said, T-Mobile’s own security track record offers little comfort—76 million customers had data exposed in their 2021 breach, leading to a $350 million settlement. When your underlying network provider and your direct service both struggle with data protection, you’re getting privacy risks from multiple directions.
Numbers Don’t Lie
The leak deflates viral claims about massive T1 Phone demand.
Here’s where the story gets interesting: the exposed database suggests roughly 30,000 total orders, not the 590,000 that’s been circulating online. Wikipedia confirms no T1 phones have actually shipped yet, making those inflated preorder claims look even more suspicious.
Either Trump Mobile’s marketing team got creative with their calculator, or the hype machine ran ahead of reality.
Until Trump Mobile fixes this vulnerability and explains what happened, you should avoid placing new orders. This feels like another case where political branding outpaced operational competence—enthusiasm doesn’t encrypt databases.
