A security bug in the Airtel Mobile app, the official app of India’s telecom giant Bharti Airtel, exposed the personal information of millions of users, according to reports.
A Bengaluru based researcher, Ehraz Ahmed, first noticed the security flaw in the Airtel’s Application Program Interface (API). The bug enabled crooks to draw user’s sensitive information such as email ID, subscription information, IEMI number, etc.
Airtel fixed the security flaw once the issue was highlighted in news reports.
“There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice,” an Airtel spokesperson told BBC.
Information leaked of millions
In a blog post, Ehraz mentions the list of information leaked in the Airtel’s app data breach
- First & Last Name, Gender, Email, Date of Birth,
- Subscription Information
- Device Capability information for 4G, 3G; GPRS
- Network Information
- Activation Date
- User Type [Prepaid/Postpaid]
- Current IMEI number.
While the security flaw was located in the Airtel Mobile app, Ehraz writes that the flaw may have jeopardized data of telecom’s 325 million active users (September 2019).
Data breaches have become frighteningly common in recent times. Last month, OnePlus confirmed a security breach that enabled crooks to take out sensitive information from the OnePlus official website.