[BreachExchange] Security flaw in Airtel’s mobile app exposes data of 32 crore subscribers

Destry Winant destry at riskbasedsecurity.com
Fri Dec 13 10:04:47 EST 2019


A major security breach in Airtel’s mobile app left sensitive data of
300+ million subscribers vulnerable to hacking. This bug, discovered by
Bengaluru-based independent security researcher Ehraz Ahmed, allowed
information to be accessed with just a phone number.

Ehraz mentioned that it took him just 15 minutes to find the flaw,
which used Airtel’s API to reveal information like name, gender,
email, date of birth, address, subscription information, device
capability information, network information, activation date,
connection type and even the IMEI of the device.

Airtel has acknowledged the flaw and stated that it was fixed as
soon as the company was alerted about it. The official statement from
Airtel states, "There was a technical issue in one of our testing
APIs, which was addressed as soon as it was brought to our notice.
Airtel's digital platforms are highly secure.

Customer privacy is of paramount importance to us and we deploy the
best of solutions to ensure the security of our digital
platforms." Airtel is the third-largest private telecom provider
in the country after Vodafone-Idea and Jio with over 300 million
subscribers. The app in question is available for both iOS and Android
customers and is used to recharge, pay bills, offer detailed
information about plans and services and more. The company has not
shared any information about the number of users impacted by this flaw
or if any financial information has been compromised.
