Airtel, India’s Telecom giant, had an API (Application Program Interface) based vulnerability in the MyAirtel application that risked 300 million users.
Airtel Data Breach leaves 300 Million users at risk!
A Bengaluru based Cybersecurity enthusiast, Ehraz Ahmed reportedly found the vulnerability exposing details like IMEI number, Connection Type, Device Information, Personal Information such as First name, Last name, Contact Address, Gender, Email and so forth.
Bharti Airtel Limited is the third-largest mobile network operator in India, According to Telecom Regulatory Authority of India, withhold of near 370 million subscribers by the end of September 2019.
Ehraz reached out to BBC with the Proof of Concept and video to the BBC, which brought this vulnerability to the public. The leak of this vital information could have lead to a data breach that would have cost the company and the customers of Airtel.
A recent CIO survey by Forcepoint and Frost & Sullivan states that around 69% of Indian companies are prone to Data breaches, and 44% of the listed companies have already been breached, leaving India to be the world’s second most cyber-attack likely country in the world.
He claims that he found this vulnerability in just 15 mins and had added a script that would retrieve the details of the user by just providing the phone number of the user.
An Airtel spokesperson told the BBC, “There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice, Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us, and we deploy the best of solutions to ensure the security of our digital platforms,” the spokesperson added.