Koziol said the problems facing T-Mobile's Web site are common to companies that move quickly to open their corporate networks to the Internet through Web-based applications, but added that T-Mobile's case is extreme.
"They haven't done Web Security 101. I see many mistakes that they make over and over again. They're mostly injection vulnerabilities -- people being able to insert (malicious) code where they shouldn't," he said.
The hack of T-Mobile's Web site may be an inevitable consequence of companies, including mobile phone providers, adding new features that put more power into the hands of their customers, said Justin Bingham, chief technology officer at Intrusic Inc.
"This (Web site) code may or may not have been properly reviewed. This isn't that technically sophisticated an attack, but it has far-reaching implications," he said.
Hilton's account was well publicized, but may not have been the first such compromise of T-Mobile's customer accounts, either, Bingham said.
"This is happening much more than we hear about. If it were my account that got hacked, nobody would post my information online, because 'Who cares?'" he said. "This underscores the fact that T-Mobile has a huge network and is servicing a huge chunk of customers, and that their network is wide open and could be completely hacked," Bingham said.