Trump Mobile, a wireless service associated with former President Donald Trump, is facing scrutiny following a significant security breach that exposed customer data online. This breach is attributed to vulnerabilities in a third-party platform provider’s system.
The security lapse was brought to public attention on Tuesday when YouTubers Stephen Findeisen and Charles Christopher White Jr highlighted the issue in their videos. They reported that a researcher had alerted them after finding that customer information connected to orders for Trump Mobile’s gold T1 smartphone was openly accessible online.
Findeisen explained his decision to publicize the vulnerability, citing a lack of response from Trump Mobile. “The public needs to be aware: Do not make purchases on TrumpMobile.com unless you’re prepared for your information to be compromised. It’s seriously that concerning,” he stated.
A representative from Trump Mobile acknowledged the data exposure to the Daily Mail, stating, “We are aware of recent reports regarding the potential exposure of limited customer information linked to a third-party platform provider that aids certain Trump Mobile operations.”
The spokesperson clarified that the compromised data seemed to include names, email addresses, mailing addresses, phone numbers, and order identifiers. This suggests that the breach likely occurred through an external vendor’s system rather than a direct attack on Trump Mobile’s network.
They further reassured that the breach did not appear to involve Trump Mobile’s payment card information, banking details, Social Security numbers, call records, text messages, or other highly sensitive financial data.
The incident comes just days after Trump Mobile announced its gold MAGA-themed T1 Phone was finally shipping to customers following months of delays.
Last week, the company said its $499 smartphone had ‘arrived’ and that roughly 590,000 customers who paid $100 deposits would begin receiving shipping updates.
YouTubers claimed that TrumpMobile.com contained an exploitable software flaw that can leak data, including emails, physical addresses and full names
‘Out of an abundance of caution, our third-party platform provider has implemented additional safeguards and enhanced monitoring measures while the matter continues to be investigated with the assistance of independent cybersecurity professionals,’ the Trump Mobile spokesperson said.
‘Customers should remain alert for suspicious emails, text messages, or phone calls referencing Trump Mobile orders or accounts. Trump Mobile will not ask customers to provide payment information, passwords, or other sensitive information through unsolicited communications.’
Findeisen, who has 1.5 million subscribers, said in the video that he was among the customers whose personal information had been exposed in the leak.
‘Everything short of credit card numbers is being leaked through a security exploit that I’m not going to explain in detail, but it’s not complicated,’ he said.
‘Exactly how it works was explained to me. I’m not a computer expert.’
Findeisen said he was contacted over the weekend by an individual who claimed to have access to Trump Mobile customer data and warned users that their personal information was allegedly exposed online.
According to the YouTuber, the person shared details tied to his account, including mailing information and order records, along with partially redacted data belonging to other customers, to demonstrate the breach was legitimate.
Findeisen said the individual appeared more interested in getting the vulnerability fixed than publicly exposing users, and claimed they had already attempted to alert Trump Mobile without success.
Although no payment information appears to have been compromised, the vulnerability allegedly allowed access to internal order data that may reveal how many people actually signed up for Trump Mobile
After learning about the issue, Findeisen said he contacted fellow YouTuber White, who had also ordered a Trump Mobile device and allegedly found his own information exposed. White has 18 million subscribers.
Findeisen warned viewers against ordering from the company’s website, claiming the security issue was serious enough to expose customer information.
He also raised concerns about the type of data a mobile carrier could potentially collect, including browsing activity, call records and location information.
‘You know, my address is out on [TrumpMobile.com] being served up to anyone who knows this security exploit,’ claimed Findeisen.
The phone is part of Trump Mobile, a venture launched last year by the Trump Organization under a trademark licensing arrangement and promoted by Donald Trump Jr. and Eric Trump.
Its monthly 5G plan costs $47.45, an apparent nod to Trump serving as the 45th and 47th president.
‘Phones that were pre-ordered are starting to be delivered to customers this week,’ Trump Mobile CEO Pat O’Brien said last week, adding that the delay was caused by quality checks and the complicated process of bringing a phone to market.
But the announcement only came after renewed scrutiny over the terms and conditions on Trump Mobile’s website, which were quietly updated last month to state that placing a deposit ‘does not guarantee’ a device will ever be produced or made available for purchase.
Instead, the company said the deposits – reportedly totaling $59 million – merely represented a ‘conditional opportunity’ to purchase a phone if Trump Mobile ultimately decided to sell one.
The company had originally planned to launch the device last August.
Nearly 10 months later, it announced this week that the phones would begin shipping – though observers quickly noticed the company had disabled comments beneath the post.
The move may have been aimed at limiting mounting backlash over months of silence surrounding the rollout.
