The data of over 32 crore subscribers of telecom major Airtel were exposed and became vulnerable due to a security flaw in the mobile application of the telecom major.
A Bengaluru-based researcher called Ehraz Ahmed first noticed the fault and said in his blog written on Friday that the flaw existed in one of Airtel’s API (Application Program Interface), that allowed people to fetch sensitive user information of any Airtel subscriber.
ALSO READ: Assam: AJYCP to ‘Gherao’ Dispur on December 12
Confirming the breach, Airtel said that it has fixed the security flaw associated with its application. Ahmed also posted a video, which shows a script being used to fetch the information from the Airtel mobile app’s API.
Ahmed wrote in his blog, "It revealed information like First and Last Name, Gender, Email, Date of Birth, Address, Subscription Information, Device Capability information for 4G, 3G & GPRS, Network Information, Activation Date, User Type [Prepaid/Postpaid] And Current IMEI number."
ALSO READ: Assam: AASU Activists Vandalize AGP Office in Dibrugarh
The IMEI number can be used to identify the device of an user. According to the blog, every user on Airtel network was at the risk of getting his/her information leaked through this vulnerability.
Airtel is the third largest telecom service provider in the country, in terms of subscribers, after Vodafone-Idea and Reliance Jio.
Support Inside Northeast (InsideNE), an independent media platform that focuses on Citizen-centric stories from Northeast India that are surprising, inspiring, cinematic and emotionally relevant.
Readers like you make Inside Northeast’s work possible.
To support our brand of fearless and investigative journalism, support us HERE.
Download:
The Inside Northeast app HERE for News, Views, and Reviews from Northeast India.
Do keep following us for news on-the-go. We deliver the Northeast
Copyright©2024 Living Media India Limited. For reprint rights: Syndications Today