Security expert found an unproteced API at Deutsche Telekom - can be used to retrieve data about landline internet connections and user data.
https://borncity.com/win/2024/07/15/an-open-api-at-deutsche-telekom-is-leaking-user-data/
@gborn I see that the person that did the API work at Optus must have moved to Deutsche Telekom...
@gborn a similar thing works for mobile connections as well. You can request endpoint configuration data without any specific permissions (except Internet access). Which includes the users phone number.