Airtel was hit with possibly the biggest security bug which could have left the telco’s 300+ million users’ data vulnerable. The security flaw existed in the API of Airtel smartphone app where sensitive information of Airtel users can be found.
Airtel’s security flaw was discovered by independent security researcher Ehraz Ahmed who said it took him just 15 minutes to find it. Airtel said it has now fixed the security flaw after the telco was notified by the BBC.
“There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice. Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms” Airtel confirmed to the BBC.
According to the case study published by Ahmed, the security bug in Airtel’s app revealed user information like first and last name, gender, email, date of birth, address, subscription details, device compatibility for 4G, 3G and GPRS, network information, activation date, user type (prepaid/postpaid) and even the IMEI number.
Airtel has over 300 million subscribers in India making it the third largest telco after Vodafone-Idea and Reliance Jio. Airtel’s mobile app which is available on Android and iOS is a one stop platform for mobile plans, recharges and even entertainment. Users can pay their monthly mobile bill, recharge plans and more on the Airtel app. The security flaw has however not risked financial details of Airtel subscribers. There is no word on if or how many users were affected by the security flaw but it’s alarming considering the large subscriber base of Airtel in India.