SQL Injection Exposed Data From Canadian ISP – Altima Telecom

Organizations must handle customer data with great caution. Even slight negligence or a glitch in the data security system can result in devastating losses. An organization is simply lucky if a white-hat hacker or security researcher identifies a flaw before a malicious actor exploits it.

Altima Telecom Exposed Customer Data

Canadian telecommunications company Altima Telecom exposed customer data to the public. The problem stemmed from a glitch in its website; exploiting this glitch could allow an attacker to access the firm's entire customer database.

Security researcher Daley Borda discovered the flaw and reported it to TechCrunch. According to his findings, the problem lay in the link between the firm’s website and its database. This connection could allow an attacker to remotely access the database via a blind SQL injection attack.

Had a malicious attacker found the vulnerability, they could have downloaded the entire database. Regarding what the researcher could see, TechCrunch reports:

“The database contained 427 tables, containing millions of records on customers — including billing data, support tickets, and other user data, according to Borda… He also found several database columns storing credit card data, including card numbers, expiry dates, security codes, and addresses.”

Security Flaw Patched

After learning of the glitch, Altima Telecom patched the flaw and thanked the researcher and TechCrunch. Frank Yang, chief executive of Altima, said:

“We really appreciate you and the security researcher bringing this to our attention. We are taking this matter very seriously.”

Altima Telecom is a Montreal-based VoIP and internet service provider serving customers in various major regions of Canada. Altima is not the only firm in this niche facing such cybersecurity trouble. Last month, several Canadian telecom services endured a major security threat due to a SOLEO IP Relay flaw.
