Flaw in Airtel's mobile app exposed data of 32 cr subscribers

by IANS |

New Delhi, Dec 7 (IANS) In yet another massive data breach incident, data of over 32 crore subscribers of telecom major Airtel were exposed and became vulnerable due to a serious security flaw in its mobile application.

Ehraz Ahmed, a Bengaluru-based researcher, who first noticed the fault, said in his blog written on Friday that the flaw existed in one of Airtel's API (Application Program Interface) that allowed people to fetch sensitive user information of any Airtel subscriber.

According to reports, Airtel confirmed the breach saying that it has fixed the security flaw associated with its application.

Ahmed also posted a video, which shows a script being used to fetch the information from the Airtel mobile app's API.

"It revealed information like First and Last Name, Gender, Email, Date of Birth, Address, Subscription Information, Device Capability information for 4G, 3G & GPRS, Network Information, Activation Date, User Type [Prepaid/Postpaid] And Current IMEI number," he wrote in his blog.

The IMEI number can be used to identify the device of an user.

According to the blog, every user on Airtel network was at the risk of getting his/her information leaked through this vulnerability.

Airtel is the third largest telecom service provider in the country in terms of subscribers after Vodafone-Idea and Reliance Jio.

Latest News
Russia's first space launch for 2020 delayed Sat, Jan 25, 2020, 10:37 AM
Coronavirus toll in China reaches 41, 1,287 infected Sat, Jan 25, 2020, 10:29 AM
Building collapses at Bhubaneswar airport, 1 killed Sat, Jan 25, 2020, 10:24 AM
TRS takes early leads in Telangana municipal polls Sat, Jan 25, 2020, 10:20 AM
Merkel praises Turkey's efforts in hosting Syrian refugees Fri, Jan 24, 2020, 11:29 PM
Trade wars could cause new global crisis, warns Italian PM Fri, Jan 24, 2020, 11:18 PM
EC orders FIR against Kapil Mishra over 'Mini-Pak' remark Fri, Jan 24, 2020, 11:00 PM
Congress to read out Preamble on Republic Day Fri, Jan 24, 2020, 10:52 PM
Kerala MP not to attend R-Day as Brazilian Prez the Chief Guest Fri, Jan 24, 2020, 10:49 PM
CEC Arora takes over as new chairman of FEMBoSA Fri, Jan 24, 2020, 10:44 PM
Govt should fund public education: HC on JNU fee hike Fri, Jan 24, 2020, 10:42 PM
Court rejects Jagan's plea for exemption from presence Fri, Jan 24, 2020, 10:38 PM
Tried to be Delhi's elder son in last 5 years: Kejriwal Fri, Jan 24, 2020, 10:29 PM
Assam Rifles DG to meet Shah on IPS officer's charge against jawan Fri, Jan 24, 2020, 10:28 PM
Aadhaar, hartal, chawl, shaadi included in Oxford dictionary Fri, Jan 24, 2020, 10:26 PM