CyberX9 Says Data of 20 Million Vodafone Idea Postpaid Customers Exposed; Telco denies any claim – The New Indian Express

0

By PTI

NEW DELHI: Multiple vulnerabilities in telecom operator Vodafone Idea’s system have exposed call data records of around 20 million postpaid customers, cybersecurity research firm CyberX9 said in a report.

Vodafone Idea (Vi), however, said there was no data breach and the potential vulnerability in its billing communication was immediately remedied after being notified.

According to the CyberX9 report, the vulnerability exposed call data records of postpaid customers, including the time a call was made, the duration of the call, the location from which the call was made , the full name and address of the customer, the details of the SMS including the contact number to which it was sent, among others.

CyberX9 Founder and CEO Himanshu Pathak told PTI that the company shared its full findings with Vodafone Idea via email and a company official acknowledged the vulnerability on August 24. .

Pathak said CyberX9 reported details to Vi on August 22.

“Later on August 22, 2022, Vi confirmed receipt of our report. Vodafone Idea acknowledged the vulnerabilities discovered and reported by us on August 24, 2022,” Pathak said.

When contacted, Vodafone Idea said: “There is no data breach as alleged in the report. The report is false and malicious. Vi has a robust IT security framework to protect data of our customers.”

“We regularly perform checks and audits to further strengthen our security framework. We discovered a potential vulnerability in billing communication. there was no data breach,” he said.

The company further said it has notified the potential vulnerability to the appropriate agencies and made the necessary disclosures, adding that “Vi’s customer data remains entirely safe and secure.”

The company also disclosed the vulnerability on its website.

However, CyberX9 disputed the claim.

“Vi had been exposing millions of customer call logs and other sensitive data for at least about two years. During that massive time, multiple criminal hackers could have stolen that data.”

“It is an absurd and baseless assertion by Vi that they performed a forensic audit and no breach was found. Such a detailed forensic audit would take at least a few months to complete,” said CyberX9.

The CyberX9 report claimed that around 301 million people’s data was exposed due to this vulnerability.

CyberX9 discovered that the call data records of 20.6 million Vi postpaid customers were exposed.

This included personal data, call records, SMS records, internet usage records and roaming details.

The cybersecurity firm said the personal data of 55 million people, including those who quit Vi and those who only expressed an interest in getting a Vi login, was at risk.

NEW DELHI: Multiple vulnerabilities in telecom operator Vodafone Idea’s system have exposed call data records of around 20 million postpaid customers, cybersecurity research firm CyberX9 said in a report. Vodafone Idea (Vi), however, said there was no data breach and the potential vulnerability in its billing communication was immediately remedied after being notified. According to the CyberX9 report, the vulnerability exposed call data records of postpaid customers, including the time a call was made, the duration of the call, the location from which the call was made , the full name and address of the customer, the details of the SMS including the contact number to which it was sent, among others. CyberX9 Founder and CEO Himanshu Pathak told PTI that the company shared its full findings with Vodafone Idea via email and a company official acknowledged the vulnerability on August 24. . Pathak said CyberX9 reported details to Vi on August 22. 2022, Vi has confirmed receipt of our report. Vodafone Idea has acknowledged the vulnerabilities discovered and reported by us on August 24, 2022,” Pathak said. When contacted, Vodafone Idea said: “There is no data breach as alleged in the report. The report is false and malicious. Vi has a robust IT security framework to protect data of our customers.” “We regularly perform checks and audits to further strengthen our security framework. We discovered a potential vulnerability in billing communication. there was no data breach,” he said. The company further said it has notified the potential vulnerability to the appropriate agencies and made the necessary disclosures, adding that “Vi’s customer data remains entirely safe and secure.” The company also disclosed the vulnerability on its website. However, CyberX9 disputed the claim. “Vi had been exposing millions of customer call logs and other sensitive data for at least about two years. During that massive time, multiple criminal hackers could have stolen that data.” “It is an absurd and baseless assertion by Vi that they performed a forensic audit and no violations were found. Such a detailed forensic audit would take at least a few months to complete,” said CyberX9. The CyberX9 report claimed that around 301 million people’s data was exposed due to this vulnerability. CyberX9 discovered that the call data records of 20.6 million Vi postpaid customers were exposed. This included personal data, call records, SMS records, internet usage records and roaming details. The cybersecurity firm said the personal data of 55 million people, including those who quit Vi and those who only expressed an interest in getting a Vi login, was at risk.

Share.

About Author

Comments are closed.