A bug was found in Airtel, India’s third largest mobile network, which could put the personal data of its more than 300 million users at risk.
This technical flaw was found in the application program interface (API) of Airtel’s mobile app. Through this, hackers were able to get information of customers only through numbers.
These information included things like name, date of birth, email, address, subscription related information and IMEI number.
The BBC informed Airtel about this bug after which the company fixed it.
A spokesperson for Airtel told the BBC, “One of our testing APIs had a technical problem. As soon as this was brought to our attention, we fixed it.”
The spokesperson said, “Airtel’s digital platform is highly secure. Customer privacy is very important to us and we make the best possible arrangements to ensure the security of our digital platform.”
The bug was detected by independent security researcher Ehraz Ahmed. He told the BBC, “It took me only 15 minutes to find this flaw.”
Apart from the information mentioned above, the IMEI number of consumers could also be traced. IMEI number is a unique number assigned to every mobile device.
How serious could it be?
According to the Telecom Regulatory Authority of India (TRAI) report, by the end of 2019, Airtel had around 32.5 million subscribers. Airtel is the third major customer in terms of customers after Vodafone-Idea (37.52 million) and Reliance Jio (35.5 million).
In October this year, a local search service named Just Dial detected a flaw in its API. This drawback could have affected 15 million 60 million users in India.
Just Dial admitted that an expert hacker could gain access to certain information due to this bug.
What does the law say?
There is no specific law for data security in India.
However, on the lines of the European Union’s General Data Protection Regulation (GDPR), the government in 2018 drafted a private data protection law known as the Personal Data Protection Bill.
This proposed law has suggested rules for collecting, processing and storing data, which have provisions for penalties and compensation.
The Union Cabinet chaired by Paddy Minister Narendra Modi has approved the Private Data Protection Bill on December 4.
“I will not be able to give more information about the bill as it will be introduced in Parliament soon,” Union Minister Prakash Javadekar told a press conference after a Cabinet meeting on Wednesday.