While some hackers have their work cut out for them looking for their possible victims, some companies provide them with a good chance to prey on them. Recently, a Spanish firm Telefonica patched a vulnerability that leaked customers’ data online. Possibly, this Telefonica data breach exposed millions of records online for all.
Telefonica Data Breach Leaked Customers’ Data
The Spanish operator Telefonica suffered a security breach after which it corrected the error. Reportedly, the flaw had exposed millions of records online and anyone with a little technical knowledge could access the data.
Due to the security flaw, customer’s billing details remained accessible to anyone logged in with their account on the site. The breached details are said to include names, contact information, contact numbers, payment details, billing history, and anything which a standard bill should include. In fact, anyone could even download this entire data as an unencrypted CSV Excel sheet.
Though the company has patched the flaw, they also confirm no misuse of leaked data at this time.
Telefonica Patched The Flaw In Movistar Website
After being notified of the matter by FACUA, Telefonica quickly rectified the other before it could become known publicly. Yet, right after the rectification, FACUA disclosed the news online.
¡ATENCIÓN! Nombres, domicilios, líneas fijas y móviles, direcciones de correo electrónico y el desglose de llamadas de los clientes de Movistar han estado expuestos públicamente por el mayor agujero de seguridad de la historia de las telecomunicaciones. https://t.co/x6nypWTNmD
— FACUA (@facua) July 16, 2018
FACUA is a Spanish non-profit NGO dedicated for the defense of consumer rights. As explained in their blog, the security flaw in the Movistar website leaked the data. Anyone logged in to the site could see other accounts’ invoices by simply manipulating the receipt number.
According to FACUA [translated],
“When requesting the viewing of any invoice, the address of the browser (URL) passed to incorporate an alphanumeric code equivalent to the number of the receipt, which could be modified so that the page went to show the invoices of other customers.”
It is being called the ‘biggest security breach’ in this history of Spanish telecommunications.
Movistar, a Telefonica owned telecommunication brand, primarily operates in Spain, along with some other countries. Presently, it is the largest mobile phone operator in the country.
Let us know your thoughts in the comments section.