Trump Mobile Leak: Security Flaw Exposed Thousands of Customer Records
Table of Contents
A Simple Request, A Massive Leak
The rollout of Trump Mobile, the President’s ambitious foray into the American smartphone and cellular market, has been marred by reports of a significant security failure. A self-described “tech tinkerer” going by the name Louis claims to have discovered a vulnerability on the company’s website that potentially exposed the personal information of tens of thousands of customers.
According to Louis, the breach wasn’t the result of a complex cyberattack or a sophisticated SQL injection. Instead, it was a fundamental failure in how the site’s API handled requests. By using a simple HTTP POST request via a browser console, Louis was able to query the database and retrieve customer records with ease.
“It was a really simple HTTP request. POST, and then just asking for the info I wanted, basically,” Louis told The Register.
The vulnerability allowed the user to pull customer records in batches of ten. However, by identifying the customer account numbers within those batches, Louis was able to write a script to loop through the database. In just one hour, he claims to have harvested the records of approximately 5,000 customers. In total, he estimates that over 27,000 people who pre-ordered the Trump T1 phone had their data left flimsily secured.
What Was Exposed
The scope of the leaked data is comprehensive, covering almost every primary piece of personal identification collected during the order process. Louis reported being able to access:
- Full names (first and last)
- Primary and secondary physical addresses
- Email addresses and phone numbers
- Customer and account numbers
- Enrollment IDs (pre-order numbers)
- Order methodology (whether the purchase was made via phone or online)
After verifying the vulnerability and deleting the data his script had captured, Louis attempted to contact Trump Mobile to disclose the flaw. He reports that he received no response from the company. Despite the silence, it appears the hole has since been plugged, as the vulnerability is no longer active.
The T1: American Brand, Taiwanese Hardware
The security lapse comes as the first wave of Trump T1 smartphones is finally reaching customers. The device, characterized by its flashy gold casing, was originally slated for an August 2025 release but began shipping earlier this week.
The launch has been fraught with contradictions. Marketed heavily on a “Made in America” promise—launched amid escalating US-China trade tensions—the T1 appears to be far from a domestic innovation. Users receiving the device this week have confirmed that the T1 is effectively a reskinned HTC U-24 Pro, a mid-range Android device from the Taiwanese manufacturer that first entered the market in June 2024.
The irony of the “all-American” branding extends to the hardware’s aesthetics. While the T1 features an embossed American flag on the back, eagle-eyed users have noted that the flag contains only 11 stripes instead of the traditional 13.
Specifications and Market Position
Under the gold shell, the T1 offers standard mid-range specs: a Snapdragon 7 chip, 512GB of storage, and a 120Hz display. True to its branding, Truth Social comes pre-installed as a core application.
The device is currently listed at a promotional price of $499. For consumers, the value proposition is questionable; a standard HTC U-24 Pro with the same storage capacity can be found at similar price points across various major retailers, without the political branding or the baggage of a documented API leak.
Trump Mobile has not responded to requests for comment regarding the data exposure or the origins of the T1 hardware.
