Vodafone Idea user data breached claims cyber security firm; telco says no
Vodafone Idea (VI), which happens to be one of the major telecom companies in India, might have exposed sensitive and confidential information of more than 30.1 crore people, according to CyberX9, a cyber security research team. The telco has denied any data breach on its part.
According to CyberX9, a security vulnerability in Vodafone Idea’s network may have exposed information like call logs, SMS records, location details, phone number, full name, alternate contact number, bill payment transaction details, residential address and internet usage, plan details and more.
The research team went on to say that even after reporting these critical vulnerabilities, the company did not fix them for several days.
CyberX9 said the “vulnerabilities discovered were improper authorisation and insecure direct object references (IDOR) vulnerabilities, leading to exposing the massive amount of sensitive data to the whole internet.” The report also says the vulnerabilities might be used hackers and malicious attackers since the last two years.
But VI denied any such breach. A company spokesperson said in a statement to , “There is no data breach as alleged in the report. The report is false and malicious. Vi has a robust IT security framework to keep our customer data safe. We regularly conduct checks and audits to further strengthen our security framework. We learnt about a potential vulnerability in billing communication. This was immediately fixed and a thorough forensic analysis was conducted to ascertain no data breach. We have notified appropriate agencies and made due disclosures. Vi customer data remains fully safe and secure.”
The research team said that after asking Vodafone Idea several times to fix the vulnerabilities, they contacted CERT-In, NCIIPC, TRAI and other regulatory authorities on August 24 and shared a detailed report about the discovered vulnerabilities.
