The magazine said anyone could log in using sparse user information and a simple password, which employees at T-Punkt shops, as well as hackers, have access to.
A reporter at the magazine logged into the customer system and could look at and change names, addresses, and even bank details.
It would have been possible to lock out SIM cards and also change the tariffs paid – and even fix completely new payment authorisations.
Telekom confirmed the problem on Saturday, just a day after establishing a new post in the board for taking control of security following a previous abuse of customer data.