Date: 2022-08-30

Vi (formerly Vodafone Idea) has responded to a claim that a bug in its system caused a data breach. According to cyber security research team CyberX9, multiple critical security vulnerabilities "exposed customer's sensitive and confidential personal data including call logs of nearly 301 million (30.1 crores) customers to the whole internet". This allegedly includes data of 20 million postpaid Vi customers.

What has Vi said about the data breach allegations?

Livemint reports that Vi acknowledged a flaw in its billing communication system and said it fixed the issue "immediately". The report adds that Vi conducted a "thorough forensic analysis", which revealed there "was no data breach".

Vi also went a step further and called the research team's claims "false and malicious". In its defence, the telco said that it performs "regular checks" and conducts audits to strengthen its security infrastructure.

Key highlights of CyberX9's research

In a blog post, CyberX9 said:

--Vi put millions of its customers' data (call logs, call duration, location from where the call was made, and phone number) at absolute risk and "damaged" the privacy of their lives. The blog even calls the company careless "towards the security of customer data."

--It adds, "Exploitation of these vulnerabilities was very easily possible on a large scale by a malicious attacker".

--The report highlights that Vi left one of the main discovered vulnerabilities open for cyber attacks for the last two years.

--It indicates that Vi users' data for the last two years could've been breached.

--The research team shared details of the findings with Vi within a few hours of the vulnerabilities being discovered.

It is tricky to know whether your data has been breached. Typically, when a company suffers a data breach, it informs users and highlights steps to ensure online privacy and protection. Since Vi denies the claims in this matter, users won't receive anything from the company. Users can still visit websites like HaveIBeenPwned to see if their data was breached in a cyber attack.