Tata Indicom Hack – Anyone can see anyone’s details!


Disclaimer: This post is essentially to let Tata Indicom know that they have a serious security hole in their website. They need to get in touch with us urgently, so we can make them aware of what this security flaw is.

I just came to know about this from Twitter user @surajkala. He has found a hole in Tata Indicom’s website where anyone can very easily view & download the bill details / previous transactions of any of Tata Indicom’s users. You just need to enter the Tata Indicom Account Number (even photon/photon+/whiz will do).

Initially, I embedded the form within this page, where visitors could check for themselves. However, I am not doing this to create issues for Tata Indicom; rather, I want them to know about it and fix it at the earliest. Please leave a comment if you want to test it out, and I can share the details of how you can view details.

Below is the screenshot of how you can gain access to anyone’s details:

[Screenshot: Tata-Indicom-hack]

Once you enter your Tata Indicom Account Number, the following details will be displayed.

Random Tata Indicom Account Details 1

[Screenshot: Bill-Details]

Random Tata Indicom Account Details 2

[Screenshot: Bill-Details1]

Not only can you see the details, you can actually download the entire bill and see the complete demographic information of the user (address / tel no. etc.).

Screenshot for Tata Photon Internet Usage

[Screenshot: Tata-Photon-Usage]

If you want to test to see if your own details are visible or not – please let me know and I will give you the url from where you can access it.

Note to Tata Indicom: Please fix this at the earliest – it is one of the easiest hacks, one that even a novice can use to gain access!
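The flaw described in this post is a bill lookup that trusts whatever account number the visitor submits. As an added example (not code from Tata Indicom's site or from this post; every name, account number and record is constructed), the Python below puts that lookup next to a version that ties it to the logged-in session and records refused requests for review.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample records; account numbers and fields are placeholders.
BILLS = {
    "900000001": {"name": "Customer A", "address": "Constructed address 1", "amount_due": 512.40},
    "900000002": {"name": "Customer B", "address": "Constructed address 2", "amount_due": 1290.00},
}

@dataclass
class Session:
    """Server-side session; account_no is set only after a successful login."""
    session_id: str
    account_no: Optional[str] = None

class Forbidden(Exception):
    """Raised when the caller may not read the requested account."""

# session_id -> set of account numbers that session was refused access to
DENIED = defaultdict(set)

def get_bill_vulnerable(requested_account):
    """The flaw the post describes: the submitted account number is the only key."""
    return BILLS[requested_account]

def get_bill_checked(session, requested_account):
    """Same lookup, but only for the account bound to the logged-in session."""
    if session.account_no is None:
        raise Forbidden("login required")
    if requested_account != session.account_no:
        # Refuse before touching the data store, with the same error for real
        # and non-existent accounts, and record the attempt for monitoring.
        DENIED[session.session_id].add(requested_account)
        raise Forbidden("not authorised for this account")
    return BILLS[requested_account]

def sessions_to_review(min_accounts=3):
    """Sessions refused on several different accounts, i.e. a varying account number."""
    return sorted(s for s, accts in DENIED.items() if len(accts) >= min_accounts)
```

The check compares the request against server-side session state rather than anything the browser sends, which is what makes changing the account number in the form or URL ineffective.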

17 Comments
  1. Narasingha Mahasuar says

    can i check my call details from 01/12/2012 to till date.

  2. neha sharma says

    hi, i want to see call detail. plz show me this main page.

  3. neha sharma says

    hi, i want call detail according to ur website plz help me to show this main page.

  4. ag3nthunt says

    Lol… I laugh a lot after seeing this page!

    I discovered the manipulation of URL trick long back,

    small tweak in account number or Indicom number could
    show the billing details, not a big blah.

    Not much is DISCLOSED except the billing, and if it is postpaid
    address is disclosed along with call records.

    kiddy hack got some responses however.

    TATA site admins don't worry abt this as it doesn't affect any issue
    in the site or services!

  5. khusnud akhtar says

    I am a Tata Indicom customer and do access Tata Indicom website to view my usage details but I don’t think I can view other customer details. It requires respective person’s Login id and password to view the same. Please provide the URL to test the same.

  6. Mukthar says

    Hi Arun,

    I am a Tata Indicom customer and do access Tata Indicom website to view my usage details but I don’t think I can view other customer details. It requires respective person’s Login id and password to view the same.

    Please provide the URL to test the same.

    Regards
    Mukthar

  7. Arun Prabhudesai says

    They have already called me and are fixing it… so it may not be of much help… But it's nice to see that Tata Indicom guys are quite responsive and have a close eye on what is being written about them… kudos to them… unlike HDFC who took more than 22 days to respond and fix the issue…

  9. Pranab Doley says

    Hello Arun! Can you give me the URL from where I can access it! Just curious to check if my Photon+ details! Thanks in advance!

    1. Arun Prabhudesai says

      They have already called me and are fixing it… so it may not be of much help… But it's nice to see that Tata Indicom guys are quite responsive and have a close eye on what is being written about them… kudos to them… unlike HDFC who took more than 22 days to respond and fix the issue…

    2. Pranab Doley says

      The http://interface.co.in (Most of Tata's websites are developed by that firm) guys will now have to burst their butts fixing this bug :)

  14. G Vishnu Vardhan Reddy says

    omg! however I am not shocked coz when a reputed top notch HDFC is hacked then why not tata indicom which is a shit in its line?
