A vulnerability in Verizon's Call Filter API allowed users to potentially access the incoming call logs of other Verizon Wireless customers. Security researcher Evan Connelly discovered in February 2025 that the API endpoint used by the Call Filter app to retrieve a user's call history did not verify the phone number in the request against the logged-in user's phone number. As a result, by manipulating the `X-Ceq-MDN` header, any user could have requested and viewed the incoming call history of a different Verizon phone number using their own valid authentication token. Verizon addressed and patched this flaw in mid-March, stating that it only impacted iOS devices and that there was no indication of exploitation. This incident highlights potential risks associated with API security and the handling of sensitive call data.