Airtel’s mobile app had a serious security flaw that likely exposed the data of its nearly 325 million customer base. This would include personal information such as names, emails, birthdays, addresses, even IMEI numbers of their mobile devices. Airtel has acknowledged the issue on its mobile app and issued a fix for the same as well.
The bug was in the Application Program Interface (API) of Airtel’s mobile app, according to independent security researcher Ehraz Ahmed, who told the BBC that it took him about 15 minutes to find the flaw. Ahmed has also posted a video, which shows a script being used to fetch the information from the Airtel mobile app’s API.
He also stated on his blog that the video and case study were only made public after the issue was acknowledged and fixed by Airtel. According to the report on BBC the flaw would have allowed hackers to access subscriber’s details such as names, emails, birthdays and addresses by simply using just their mobile numbers.
In addition to the personal data subscriber’s International Mobile Equipment Identity (IMEI) numbers were also available. All of this data could have been used by hackers to get access to mobile phones of the users. Indianexpress.com also reached out to Airtel for an official statement.
“There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice. Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms,” an Airtel spokesperson said in response.
The privacy scare on Airtel’s mobile app will raise some serious questions given that the company is the third-largest telecom operator in India, according to TRAI’s data. The biggest telecom operator in India right now is Vodafone-Idea with 372 million active subscribers followed by Reliance Jio with 355 million active users. For Airtel mobile app users, it is recommended they upgrade to the latest version of the app.