While helping a friend with True Wireless troubleshoot a cell phone issue, I tried to sign into their customer portal. Turns out online access is not setup until the user first logs in and sets a password. The problem is all it requires is the phone number and the service zip code to gain access. The reason this is so worrisome is True Wireless is a provider for free cellular service for disabled people. Most of these people don't use the customer portal, so many account are probably in this insecure open access state.
The portal include customer's name, address, and all inbound and outbound calls in clear .csv format. Is this typical for small providers? IMO it is a breach of FCC CPNI rules. Before I filed a complaint, I wanted other people's opinion. Also, I wanted to warn others that may use them as a provider.