Airtel Could Have Unintentionally Leaked 300M+ Users' Personal Data | A Bug in the Airtel App

According to a recent survey conducted by TRAI (Telecom Regulatory Authority of India), Airtel has set new benchmarks with an active user population of approx. 325 million subscribers by the end of September 2019. With this number of active subscribers, it is the third-largest telecom company after Vodafone-Idea (372 million users) and Jio (355 million users).

Additionally, the company operates in a total of 20 countries, including in South Asia and Africa. Bharti Airtel has been expanding its network across different regions of the world, making it the third-largest telecom operator in the world.

When it comes to user data protection, Airtel has always been a top-notch service provider, with personal data security as its most prominent aspect. But recently something unfortunate happened with Airtel in its My Airtel mobile app.

Read the BBC Headline!

“A bug was found in India’s third-largest mobile network, which could have exposed the personal data of more than 300 million users.”

– said the BBC reporter.

Read on for the further news from the BBC:

The flaw, discovered in the Application Program Interface (API) of Airtel’s mobile app, could have been used by hackers to access subscribers’ information using just their numbers.

That information included things like names, emails, birthdays, and addresses.

The flaw was fixed after the BBC highlighted the issue to Airtel.

“There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice,” an Airtel spokesperson told the BBC.

“Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us, and we deploy the best of solutions to ensure the security of our digital platforms,” the spokesperson added.

Independent security researcher Ehraz Ahmed found the flaw. “It took me 15 minutes to find this flaw,” he told the BBC.

Along with the information above, customers’ International Mobile Equipment Identity (IMEI) numbers were also accessible. The IMEI number is a unique numerical identifier for every mobile device.
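
An API that returns a subscriber's record to anyone who supplies the phone number lacks an ownership check on the requested record. The Python sketch below is an added example, not Airtel's code or part of the BBC report: it contrasts that flawed lookup with one bound to the authenticated session, trims the response to the fields the client needs, and flags callers that query many distinct numbers. All names, tokens, records, the field list and the threshold are constructed assumptions.

```python
# Added illustration: every name, token and record below is constructed.
from collections import defaultdict

SUBSCRIBERS = {  # constructed store keyed by phone number
    "9000000001": {"name": "Asha Example", "email": "asha@example.test",
                   "dob": "1990-01-01", "address": "1 Sample Road",
                   "imei": "000000000000001"},
    "9000000002": {"name": "Ravi Example", "email": "ravi@example.test",
                   "dob": "1985-05-05", "address": "2 Sample Road",
                   "imei": "000000000000002"},
}
SESSIONS = {"tok-asha": "9000000001"}  # token -> number verified at login
CLIENT_FIELDS = ("name", "email")      # assumed minimum the app screen needs


class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""


def get_profile_unchecked(number):
    """Flawed pattern: the number in the request is the only credential."""
    return SUBSCRIBERS.get(number)


def get_profile(token, number):
    """Hardened lookup: the session must be bound to the requested number."""
    owner = SESSIONS.get(token)
    if owner is None:
        raise Forbidden("no valid session")
    if owner != number:
        raise Forbidden("number does not belong to caller")
    record = SUBSCRIBERS[number]
    # Return only what the client needs; IMEI, address and DOB stay server-side.
    return {field: record[field] for field in CLIENT_FIELDS}


def flag_enumeration(access_log, max_distinct=3):
    """Return callers that queried more distinct numbers than max_distinct."""
    seen = defaultdict(set)
    for caller, number in access_log:
        seen[caller].add(number)
    return sorted(c for c, nums in seen.items() if len(nums) > max_distinct)
```
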

Legal Lawsuits on Data Protection

The noticeable part! India doesn't have any specific or pre-established legislation for dealing with data protection by large corporate organizations. In effect, there is no written or declared law that deals with data protection.

Since the country has no such law, the Indian government, in line with the European Union's General Data Protection Regulation (GDPR), introduced a draft personal data protection law called the Personal Data Protection Bill in 2018.

On 4 December, the federal cabinet headed by Prime Minister Narendra Modi approved the Personal Data Protection Bill.

Further, this bill proposed rules on the collection, processing, and storage of personal data, along with penalties, compensation, and a code of conduct.

Federal minister Prakash Javadekar's statement on the bill:

“Will not be able to share more details about the bill as it will be introduced in the Parliament soon.”

Source: BBC
