Airtel Gets Rid Of Bug Granting Hackers Access To Personal Information

Airtel Gets Rid Of Bug Granting Hackers Access To Personal Information

SUMMARY

The vulnerability was first discovered by security researcher Ehraz Ahmed

Ahmed found a security flaw in an application program Interface (API) of Airtel’s app

Personal information such as users’ name, gender, email, address, etc was at risk because of the bug

In a major incident of a security breach, telecom giant Airtel was found to contain a security flaw, which made sensitive user information of any Airtel subscriber vulnerable. However, the company claimed that it fixed the flaw after it was brought to its notice.

The vulnerability, which was present in Airtel’s mobile application, was first discovered by an independent security researcher Ehraz Ahmed. According to a TOI report, Ahmed found a security flaw in an application program Interface (API) of Airtel’s mobile app, which is said to be behind the security breach.

In his case study on Airtel’s security flaw, Ahmed said that the flaw existed in one of their API. Interestingly, Ahmed has also published a proof of concept video of the flaw online to back his claim about the bug.

Moreover, Ahmed claimed that the flaw revealed personal information like users first and last name, gender, email, date of birth, address, subscription information, device capability information for 4G, 3G and GPRS, network information, activation date, user type — prepaid or postpaid, and current IMEI number of the device.

In response to the presence of a bug in its mobile app, an Airtel spokesperson said in a statement that there was a technical issue in one of Airtel’s testing APIs, which was addressed as soon as it was brought to the company’s notice. “Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms,” the spokesperson added.

In India, Airtel trails behind only Vodafone Idea and Reliance Jio in terms of market share. With this security flaw, 325.5 million Airtel subscribers in India were put at risk of a data breach.

This is not the first time when Ahmed has discovered a security flaw in mobile apps. Recently, the cybersecurity researcher took to YouTube to highlight the vulnerability in JustDial’s mobile application. He further published a blog post that one of its internal APIs potentially allowed a hacker to log in to a user account bypassing the phone number verification. Earlier, he has also reported security flaws in platforms of Truecaller, Google, LinkedIn, Twitter, Netflix, among others.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Airtel Gets Rid Of Bug Granting Hackers Access To Personal Information-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Airtel Gets Rid Of Bug Granting Hackers Access To Personal Information-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Airtel Gets Rid Of Bug Granting Hackers Access To Personal Information-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Airtel Gets Rid Of Bug Granting Hackers Access To Personal Information-Inc42 Media
Airtel Gets Rid Of Bug Granting Hackers Access To Personal Information-Inc42 Media
You’re in Good company