Telecom operators in the country are spiking the mobile tariffs in the country. Amidst the backlash from users, Airtel has reported something that could worsen the situation. The company admitted that a major security lapse on its mobile app that could have exposed data of over 300 million users. Airtel admittedly said it has fixed the issue.
Airtel Confirms Mobile App Security Flaw
The vulnerability was found on the Airtel app's API and was exposed to exploitation by malicious parties. The flaw allowed access to personal data like user name, email, residential address, IMEI number of the device in user, and more with just the mobile number. Airtel says that the vulnerability has been fixed as soon as it got to know about the issue.
The security flaw on the Airtel mobile app was spotted by a security researcher, Ehraz Ahmed, based in Bengaluru. BBC reported that he took 15 minutes to find the flaw on the Airtel app. The researcher notes that the email of the users could also have been exposed and made it prone to spamming and other such targeted attacks.
Security researcher Ehraz Ahmed had previously found the vulnerability on the Truecaller app. Similarly, the app could have exposed user information to a hacker. Truecaller had similarly said to have fixed the security lapse.
Airtel Fixes Issue: Is It Secure Enough?
On hearing about the security flaw, Airtel claims to have fixed the issue after being notified by BBC. An Airtel spokesperson told BBC that "there was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice." The company further added that its digital platforms are 'highly secure'.
Airtel was quoted saying that customer privacy is of utmost importance to the company and "we deploy the best of solutions to ensure the security of our digital platforms." Despite fixing the issue, it remains an open question if there was a data breach. Airtel hasn't commented if the 300 million customer data is secure or not.