Bengaluru man helps Airtel fix flaw that left 30 crore users vulnerable to hackers

The flaw in the Airtel mobile app allowed personal information such as the name of users, emails, birthday, residential address and the IMEI number of the device to be accessed by hackers.

Published: 07th December 2019 07:31 PM  |   Last Updated: 07th December 2019 07:31 PM   |  A+A-

Bharti Airtel. (File photo | Reuters)

Telecom major Bharti Airtel. (File Photo)

By Online Desk

Airtel has fixed a security flaw that could have affected 30 crore users of the telecom provider's services. The flaw was discovered by a Bengaluru-based security researcher, Ehraz Ahmed.

The flaw in the Airtel mobile app allowed personal information such as the name of users, emails, birthday, residential address and the IMEI number of the device on which the app was installed to be accessed by hackers.

It was fixed once it was brought to Airtel's attention by Ahmed. "The flaw exists in one of their API that allows you to fetch sensitive user information of any Airtel subscriber. It revealed information like First & Last Name, Gender, Email, Date of Birth, Address, Subscription Information, Device Capability information for 4G, 3G & GPRS, Network Information, Activation Date, User Type [Prepaid/Postpaid] And Current IMEI number," Ahmed told Gadgets360.

The flaw was spotted in the mobile app's API (application programming interface)  and could have been misused to access personal data of users leaving them vulnerable to spam and targeted attacks. Ahmed also added that the API in question was used in Airtel's mobile app to fetch user information and could affect 32.5 crore people. The vulnerability did not impact users via Airtel's website. 

Airtel has now claimed to have fixed the issue after it was notified. “There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice,” an Airtel spokesperson was quoted as saying by BBC. 

Airtel has also added that the telco's digital platforms are highly secure.

“Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms,” the Airtel spokesperson added. 


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp