Airtel mobile security vulnerability exposes data of 300 million customers

Airtel, which happens to be India’s third-largest Telecom Network is in news for all wrong reasons these days. The company which is reported to serve more than 300 Million users has admitted yesterday that an API security flaw in Airtel Smartphone app is said to have exposed sensitive information of its users to hackers.

However, the company claims that the mobile security flaw is now fixed and so users need not be concerned anymore about the issue.

Sources reporting to Cybersecurity Insiders say that Airtel App had a security bug that was discovered by an independent security researcher named Ehraz Ahmed after the Telco was notified by a news post by BBC.

“As soon as the technical API issue was brought to our notice, we addressed the issue and made the platform secure. For us customer privacy is important and we have deployed the best security solution to ensure that this incident never repeats in the future” confirmed Airtel to the BBC.

According to the details disclosed by the Bharti Airtel Limited, the security bug could have sensitive details of users such as name, gender, email, DOB, address, subscription details, device compatibility with 4G services, GPRS subscription status, network info, activation date, Prepaid or postpaid user type and IMEI number along with GPS location- only to those who have smartphones and have activated GPS location services on their respective devices.

To those who aren’t aware of the services provided by the Airtel app, the company claims that the app acts as a one-stop solution to Android and iOS platforms where users could recharge their mobiles, pay bills, subscribe to online services and watch unlimited entertainment.

Currently, there is no word on the number of impacted customers. However, the news is out that the financial details of a few of the Airtel subscribers were also available for access to customers.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display