Airtel Mobile App Security Flaw Exposes Data of Over 32 Crore Subscribers

Airtel fixed a security flaw in its mobile app that could have exposed the data of over 32 crore subscribers. The flaw resided in an API used to fetch sensitive data of Airtel subscribers.

The bug was reported by independent security researcher Ehraz Ahmed, who claims that “sensitive user information” can be exposed. Airtel confirmed the bug, and it was addressed.

“There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice,” an Airtel spokesperson told the BBC.

Information Disclosure Vulnerability

The security flaw could allow an attacker to fetch subscribers' sensitive data; with these details, attackers can launch targeted attacks.

The details that can be revealed include “First & Last Name, Gender, Email, Date of Birth, Address, Subscription Information, Device Capability information for 4G, 3G & GPRS, Network Information, Activation Date, User Type [Prepaid/Postpaid] And Current IMEI number.”

The vulnerability poses a risk to every Airtel network user, whose information could be exposed.

Ahmed also shared a video demonstrating how a script he wrote queries the API and fetches the user data.

An Airtel spokesperson said, “Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms.”

Airtel is the third-largest provider, after Vodafone and Jio, with more than 411.42 million subscribers.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
