Airtel has fixed a security flaw that could have affected 30 crore users of the telecom provider's services. The flaw was discovered by a Bengaluru-based security researcher, Ehraz Ahmed.
The flaw in the Airtel mobile app allowed hackers to access personal information such as users' names, email addresses, birthdays, residential addresses and the IMEI number of the device on which the app was installed.
It was fixed once it was brought to Airtel's attention by Ahmed. "The flaw exists in one of their APIs that allows you to fetch sensitive user information of any Airtel subscriber. It revealed information like First & Last Name, Gender, Email, Date of Birth, Address, Subscription Information, Device Capability information for 4G, 3G & GPRS, Network Information, Activation Date, User Type [Prepaid/Postpaid] And Current IMEI number," Ahmed told Gadgets360.
The flaw was spotted in the mobile app's API (application programming interface) and could have been misused to access users' personal data, leaving them vulnerable to spam and targeted attacks. Ahmed added that the API in question was used in Airtel's mobile app to fetch user information and could affect 32.5 crore people. The vulnerability did not impact users via Airtel's website.
Airtel has now claimed to have fixed the issue after it was notified. “There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice,” an Airtel spokesperson was quoted as saying by BBC.
Airtel also said that the telco's digital platforms are highly secure.
“Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms,” the Airtel spokesperson added.