- Cybersecurity research firm CyberX9 claims Vi suffered a data breach, exposing sensitive data of customers.
- The data includes call logs, SMS records, internet usage details, and more.
- The telecom operator has denied any data breach and claimed the report to be fake and malicious.
Multiple vulnerabilities in the Vodafone Idea (Vi) system have apparently exposed its customers’ personal data including call logs of nearly 301 million people (including all of its 20.6 million postpaid users over the last two years), according to cybersecurity research firm CyberX9 in a new report (via). The firm even asked the government to order an independent and fair security audit of Vi as it has been exposing sensitive data for at least the last two years. However, the telecom operator has denied any data leak and said the report was “fake and malicious.”
The report further claimed the Vi data leak is not limited to call logs, but also exposed other phone numbers customers talked to, duration, all SMS records, internet usage details, location details, full name, Vi phone number, residential address, alternate contact number, bill payment transaction details, plan details, bill details, credit limit and more.
Vi data leak details
Cybersecurity research firm, CyberX9 claims that Vodafone idea customers’ data has been leaked, which exposed sensitive data like call logs, SMS records, duration, internet usage details, and much more. The report says that it shared the findings of the data breach with Vi on August 22nd and that it acknowledged the vulnerability on August 24th. Rejecting the report as false and malicious, Vi said that it has a robust IT security framework to keep customer data safe and regularly conducts checks and audits to further strengthen its security framework.
“We learnt about a potential vulnerability in billing communication. This was immediately fixed, and a thorough forensic analysis was conducted to ascertain no data breach. We have notified appropriate agencies and made due disclosures. Vi customer data remains fully safe and secure,” said the company said in a statement.
On the other hand, CyberX9 in its report claimed the discovered vulnerabilities in Vi’s systems were “Extremely easy to discover and exploit by anyone with good computer knowledge. The vulnerabilities discovered were improper authorisation and IDOR (insecure direct object references) vulnerabilities, leading to exposing a massive amount of sensitive data to the whole internet. There is a high potential that these vulnerabilities were used in this ~2-year timeframe by malicious hackers to steal all the data,” the report stated.