Bug Bounty Programs

Researchers,

Effective immediately, we are temporarily excluding IDORs ("Auth Bypass caused by IDOR") from the In-Scope category on ( *.tfb.t-mobile.com & *.api.t-mobile.com ) due to internal changes being made to our API structures. If you reported an IDOR vulnerability before this update, we will review and accept it if relevant.

We value your diligent efforts in uncovering these API-related concerns, and we will soon reinstate the scope for IDORs.

You are welcome to report any IDORs you discover; however, please be aware that financial rewards will not be provided.

Thanks,
T-VULNHNTR