Airtel’s 32 Crore Indian Users’ Critical Data Exposed Via API Bug; Airtel Admits Mistake, Makes It Right
Airtel’s 32 crore Indian users’ data stood exposed, in one of the biggest security-related breaches in the country.
Sensitive user details such as names, email IDs, phone numbers and even IMEI numbers were exposed in this breach.
Airtel has admitted the mistake and taken corrective action to rectify it.
How did this happen, and who discovered it?
Keep reading to find out more.
Airtel Users’ Data Exposed: 32 Crore Users Affected
This major security flaw was detected by Ehraz Ahmed, an independent security researcher from Bengaluru, who detailed the exposure in his blog.
As per Ehraz, it took him just 15 minutes to find the vulnerability, after which he informed Airtel about the issue.
The bug was present in one of Airtel’s APIs, and hackers could have used it to scoop out vital information about users.
Explaining this breach, Ehraz in his blog said: “The flaw existed in one of their API that allows you to fetch sensitive user information of any Airtel subscriber.”
What Information Could Have Been Exposed?
APIs are interfaces through which programs request data from a service or its database, and then use it for purposes such as displaying or sharing it.
This access is normally controlled by permissions. In this breach, however, the data could have been fetched through the API without any permission.
Potentially, this flaw could have exposed:
First & Last Name
Date of Birth
Device Capability information for 4G, 3G
User Type [Prepaid/Postpaid]
Current IMEI number
Airtel Admits This Mistake, Corrects It
An Airtel spokesperson has said that the API was in a testing stage, and that the error has been rectified.
Airtel told the BBC: “There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice.”
You can find more details about this security breach here.
We will keep you updated, as more details come in.