Canada based 4th largest wireless telecommunications provider ‘Freedom Mobile’ has made it official that a security lapse on one its servers has led to the information leak of more than 15000 customers. As the server wasn’t protected by any passwords there is a high probability that hackers or someone from the dark web could have gained access to the sensitive info.
Security researchers Ran Locar and Noam Rotem were the first to identify the vulnerability and published the details on vpnMentor.
According to sources familiar with the developments from Freedom Mobile the database was actually meant to determine errors and technical glitches on the company servers and stored all the data i.e. over 10 million log files of customers in plain text.
TechCrunch which first reported the matter to the world claims that details such as email address, phone numbers, postal addresses, date of births, and customer’s association with the company along with their account numbers were all available for access on the server.
What’s concerning on this whole issue is the fact that the logs contained answers to credit cheques paid through Equifax, including sensitive info of the application being accepted or rejected. Also, the credit card numbers, CVV numbers, and expiry dates were also reportedly stored in plain text- without encryption.
Chethan Lakshman, the spokesperson of Shaw Communications- a parent company of Freedom Mobile admitted that the details of more than 15k customers were affected in the incident.
Note- As per the latest financial filing, Freedom Mobile is said to have a database of more than 1.5 million customers across Canada.