Airtel Accepts Security Flaw Compromising Over 300 Million Accounts
Telecom major Bharti Airtel has acknowledged a security bug in its mobile app that could have exposed the personal data of its nearly 325 million customer base. However, the flaw has been fixed once it was brought to the telco's attention.
Bengaluru-based independent security researcher Ehraz Ahmed discovered the flaw in the Application Program Interface (API) of Airtel's smartphone app, that could have been used by hackers to fetch sensitive user information of any Airtel subscriber using just mobile number.
“Every user that is on India’s Airtel network was at risk of getting his information leaked through this vulnerability, and risking over 325.5 million subscribers in India,” Ahmed stated on his blog. The flaw revealed information like names, emails, birthday, residential address, and the IMEI number of the device on which the app was installed. It took Ahmed about 15 minutes to find the flaw. He has also posted a video, which shows a script being used to fetch the information from the Airtel mobile app’s API. Speaking to the BBC, an Airtel spokesperson said: "There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice."
Also Read:
“Every user that is on India’s Airtel network was at risk of getting his information leaked through this vulnerability, and risking over 325.5 million subscribers in India,” Ahmed stated on his blog. The flaw revealed information like names, emails, birthday, residential address, and the IMEI number of the device on which the app was installed. It took Ahmed about 15 minutes to find the flaw. He has also posted a video, which shows a script being used to fetch the information from the Airtel mobile app’s API. Speaking to the BBC, an Airtel spokesperson said: "There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice."
Latest Videos
