SQL Injection Exposed Data From Canadian ISP – Altima Telecom

  • 187
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    187
    Shares

Handling customer data requires a lot of caution by organizations. A slight negligence or glitch in the data security system could result in devastating losses. It is only a matter of luck for an organization if a white-hat hacker or security researcher identifies a flaw before a malicious exploit occurs.

Altima Telecom Exposed Customer Data

Canadian telecommunication company Altima Telecom exposed customer data to the public. The problem appeared due to a glitch in its website, exploiting this glitch could allow an attacker to access the entire customer database of the firm.

Security researcher Daley Borda discovered this flaw which he reported to TechCrunch. According to his findings, the problem appeared due to the link between the firm’s website and database. This connection could allow an attacker to remotely access the database via a blind SQL injection attack.

Had a malicious attacker found the vulnerability, he could have downloaded the entire database. Regarding what he could see, TechCrunch reports,

“The database contained 427 tables, containing millions of records on customers — including billing data, support tickets, and other user data, according to Borda… He also found several database columns storing credit card data, including card numbers, expiry dates, security codes, and addresses.”

Security Flaw Patched

After knowing the glitch, Altima Telecom patched the flaw whilst thanking the researcher and TechCrunch. Frank Yang, Chief Executive Altima, said,

“We really appreciate you and the security researcher bringing this to our attention. We are taking this matter very seriously.”

Altima Telecom is a Montreal-based VoIP and internet service serving the customers in various major regions in Canada. Altima is not the only firm in this niche facing such cybersecurity trouble. Last month, several Canadian telecom services endured a major security threat due to SOLEO IP Relay flaw.

Take your time to comment on this article.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!