‘Flaw in Airtel’s app may not have exposed user info’

Our Bureau Mumbai | Updated on December 08, 2019 Published on December 08, 2019


A security flaw in Airtel’s mobile application, pointed out by an ethical hacker, may not have compromised any user data.

While the flaw had the potential for misuse, there was no real impact because the Application Program Interface (API) was in a testing phase.

Ehraz Ahmed, who identifies himself as a fintech professional, a web security researcher and a former ethical hacker, had flagged the flaw in a blog post on Saturday. “The flaw existed in one of their APIs that allows you to fetch sensitive user information of any Airtel subscriber. It revealed information such as first and last name, gender, email, date of birth, address, subscription information, device capability information for 4G, 3G and GPRS, network information, activation date, user type (Prepaid/Postpaid) and current IMEI number. The IMEI number can be used to identify the device of the user,” Ahmed said in his post.

‘Issue quickly addressed’

In a statement issued to BBC, which broke the news first, Airtel said, “There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice.”

According to company executives, since the flaw was in a testing API, no real-time user information was breached because of it. This comes after the recent data breach disclosed by WhatsApp and Facebook.
