Business Today
Loading...

Airtel mobile app security flaw exposes personal data of 32 crore subscribers

Bengaluru-based independent cybersecurity researcher Ehraz Ahmed, who was the first to observe the technical glitch, said in his blog that the fault existed in Airtel's API (Application Program Interface) that enabled people to "to fetch sensitive user information of any Airtel subscriber."

twitter-logo BusinessToday.In        Last Updated: December 9, 2019  | 12:22 IST
Airtel mobile app security flaw exposes personal data of 32 crore subscribers
When contacted Bharti Airtel spokesperson acknowledged the flaw and said that it has been fixed as soon as the company was alerted about it

One of the mobile applications of Bharti Airtel has been found to have a security flaw compromising the data of nearly 32 crore subscribers. The telecom major, however, has claimed to have contained the data breach that exposed "sensitive user information".

Bengaluru-based independent cybersecurity researcher Ehraz Ahmed, who was the first to observe the technical glitch, said in his blog that the fault existed in Airtel's API (Application Program Interface) that enabled people to "to fetch sensitive user information of any Airtel subscriber."

He also released a video demonstrating a script being used to get information from the Airtel's mobile app's API.

Also Read:Bharti Telecom seeks Rs 4,900 crore FDI nod; infusion to make Airtel foreign entity

"It revealed information like first and last name, gender, email, date of birth, address, subscription information, device capability information for 4G, 3G & GPRS, network information, activation date, user type (prepaid or postpaid) and current IMEI number," Ahmed said in his blog.

The IMEI number is a unique number that can be used to identify the device of the user. "Every user that is on India's Airtel network was at risk of getting his information leaked through this vulnerability, and risking over 325.5 million subscribers in India," Ahmed said.

Also Read: Airtel removes cap on free outgoing call to other networks; announces 3 new prepaid plans

Meanwhile, when contacted Bharti Airtel spokesperson acknowledged the flaw and said that it was been fixed as soon as the company was alerted.

"There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice. Airtel's digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms," Airtel spokesperson told PTI.

Also Read: Fake Google Play Store app could be running in your phone; here's how to check, uninstall

Youtube
  • Print

  • COMMENT
BT-Story-Page-B.gif
A    A   A
close