A website flaw allowed access to a customer’s data by guessing their phone number, Motherboard reports.