Airtel is the latest telecom operator to sport a vulnerability in its app and this issue is likely to have affected over 300 million users on its network in India. Ehraz Ahmed, a security researcher quoted in this BBC report on Saturday, discovered and alerted users about this bug.
The flaw was discovered in one of the Application Program Interfaces (APIs) of the Airtel mobile app, which is used by millions in the country, which has access to their email ID, the International Mobile Equipment Identity or IMEI number, name and confidential details like date of birth as well.
Ahmed told BBC that it took him less than 15 minutes to find the bug, which could have allowed hackers to access user details. These days, hackers sell user databases to the highest bidder on the dark web.
After reaching out to Airtel, the telecom operator did confirm the vulnerability, but it also claims that the issue has been fixed from its end.
There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice.Airtel spokesperson to BBC
It also said that the digital security of its users is a high priority aspect of their day-to-day functioning.
Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms.Airtel spokesperson to BBC
This is a worrying trend for most digital-centric countries across the world, including India. Vulnerabilities are part and parcel of the issues faced by technology providers but their apparent neglect towards bug bounty programmes has ensured that many people prefer going public before reaching out to the affected entities.
What also doesn’t help is that you have a company with over 300 million users, and many of these are unlikely to ever know of such an occurrence. We’re hopeful that Airtel has reached out to each of its users personally and informed them about this supposed data mishap.
We’re already aware that nobody is immune to such issues, most notably WhatsApp, with over 1 billion users. It had to face the brunt of a sophisticated attack, after a bug allowed hackers to install spyware called Pegasus on users’ devices.
Data Protection Rights Long Over Due
We live in an age where we are the sum of the data we generate, so how our data is collected, stored, shared and used directly affects our daily lives.
This is why the Data Protection bill is a must-have, especially when such incidents occur, allowing the perpetrator to be held accountable, which in turn will ensure companies act responsibly and protect users’ data.
The Bill is expected to generate a lot of debate in Parliament and one hopes that the law will put citizens at the centre of a personal data protection law.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)