Disclaimer: This post is essentially to let Tata Indicom know that they have a serious security hole in their website. They need to get in touch with us urgently, so we can make them aware of what this security flaw is.
Just came to know about this from Twitter user @surajkala. He has found a hole in Tata Indicom’s website where anyone can very easily view and download bill details and previous transactions of any of Tata Indicom’s users. You just need to enter the Tata Indicom Account Number (even photon/photon+/whiz will do).
Initially, I embedded the form within this page, where visitors could check for themselves. However, I am not doing this to create issues for Tata Indicom; rather, I want them to know about it and fix it at the earliest. Please leave a comment if you want to test it out and I can share the details of how you can view details.
Below is the screenshot of how you can gain access to anyone’s details.
Once you enter your Tata Indicom Account Number, the following details will be displayed.
Random Tata Indicom Account Details 1
Random Tata Indicom Account Details 2
Not only can you see the details, you can actually download the entire bill and see the complete demographic information of the user (address, telephone number, etc.).
Screenshot for Tata Photon Internet Usage
If you want to test whether your own details are visible or not, please let me know and I will give you the URL from where you can access it.
Note to Tata Indicom: Please fix this at the earliest. It is one of the easiest hacks, one that even a novice can use to gain access!
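
The class of fix this flaw calls for, sketched as an added example (not code from this post or from Tata Indicom, whose implementation is not known): a lookup keyed only on the account number next to one that takes the account from the logged-in session. All names, records and tokens below are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Bill:
    account_no: str
    name: str
    address: str
    amount_due: float


# Constructed sample records standing in for the billing database.
BILLS = {
    "900000001": Bill("900000001", "Subscriber A", "Address A", 812.50),
    "900000002": Bill("900000002", "Subscriber B", "Address B", 1340.00),
}

# Constructed session store: session token -> account number proven at login.
SESSIONS = {"tok-a": "900000001"}


class NotAuthorized(Exception):
    """Raised for every refused lookup, whatever the reason."""


def lookup_bill_flawed(account_no):
    # The behaviour the post describes: the account number alone selects
    # the record, so any visitor can read any subscriber's bill.
    return BILLS.get(account_no)


def lookup_bill_checked(session_token, account_no):
    # The owner comes from the authenticated session; the number in the
    # request is accepted only when it matches that owner.
    owner = SESSIONS.get(session_token)
    if owner is None or owner != account_no:
        # One error for "no session", "not yours" and "no such account",
        # so responses do not confirm which account numbers exist.
        raise NotAuthorized("bill not available")
    bill = BILLS.get(owner)
    if bill is None:
        raise NotAuthorized("bill not available")
    return bill
```
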