Airtel, India’s third-largest mobile network, has found a bug that could endanger the personal data of its more than 30 million users.
This technical error was found in Airtel’s mobile app application program interface (API), whereby hackers were able to retrieve information about users by resorting to numbers.
The information included information such as name, date of birth, email, address, subscription and IMI number.
BBC reported to Airtel the issue after which the company corrected it.
An Airtel spokesperson told the BBC: ‘One of our experimental APIs had a technical problem. As soon as we were informed about it, we fixed it. ‘
Rising incidents of ransom through hacking, experts warn
If Bluetooth is turned on, information may be stolen
The spokesman said: ‘Airtel’s digital platform is extremely secure. Consumer privacy is very important to us and we make the best possible arrangements to ensure the security of our digital platform. ‘
The issue was tracked by independent security researcher Ahraz Ahmed. He told the BBC: ‘It only took me 15 minutes to detect this error.’
He also stated that due to this bug, the above information besides the users’ IMEI number could be traced.
Keep in mind that the IMEI number is a unique number that is assigned to each mobile device separately.
How serious was this problem?
According to a report by India Telecom Regulatory Authority (TRAI), by the end of 2019, Airtel had about 32 million 50 million users and was the third largest in terms of Vodafone Idea’s 37 million 20 million users and Reliance Jio’s 35 million users. Company.
In October this year, a local search service called Just Dial detected a flaw in its API. This technological flaw could have affected its 155 million users in India.
Just dial acknowledged that due to this technical error an expert could access any information.
What does the law say?
There is no specific data protection law in India.
However, on the basis of the European Union’s General Data Protection Regulation (GDPR), the government drafted a personal data protection law in 2018 known as the Personal Data Protection Bill.
The proposed law proposes rules for collecting, processing and storing data, including fines and compensation provisions.
The Cabinet, chaired by Prime Minister Narendra Modi, approved the Personal Data Protection Bill December 4.
Union Minister Parkash Javadekar said at a press conference after the cabinet meeting on Wednesday: ‘I will not be able to give more details about this bill as it will be presented to Parliament soon.’