Once again, researchers have found another unsecured database that exposed more than a million records. The database belonged to Canadian telecommunication firm Freedom Mobile. The database exposed sensitive personal and financial information about the firm’s customers.
Freedom Mobile Exposed 5 Million Records
Reportedly, Canada’s fourth-largest telecommunication service has inadvertently exposed customer records. Through an unprotected database, the firm leaked more than 5 million records supposedly belonging to 1.5 million users.
The researcher duo from VPNMentor, Noam Rotem and Ran Locar, spotted an unprotected database exposing sensitive information. They have mentioned about their findings in detail in their blog post. As they discovered, the database included 5 million entirely unencrypted records including detailed personal and payment card data.
The exposed personal records included customer names, birth dates, email addresses, contact numbers, home addresses, customer type and IP addresses linked with the payment method. Other details leaked by this database include unencrypted credit card information and CVV numbers, and credit score responses from Equifax and other organizations alongside acceptance or rejection reasons.
In addition, the database also leaked information about customers’ cellular data, such as the billing cycle dates, subscription dates, account numbers, and customer service records.
According to the researchers, the database exposed at least 5 million records. Whereas, Freedom Mobile has a userbase of 1.5 million customers so they speculate that the records may have multiple entries per customer.
Freedom Mobile has at least 1.5 million subscribers, and its parent company is owned by Shaw Communications which has more than 3.2 million customers across Canada.
These records seem to reflect any action taken within a user account, allowing for multiple entries per customer.
Database Now Closed
While the researchers suspect a huge number of customers potentially affected by this incident, Chethan Lakshman, Shaw Communications spokesperson, stated a relatively much lower number. According to Lakshman, the incident affected a certain number of users during a specified time period. As reported by TechCrunch,
We have discovered that the data that was exposed was contained to a very small number of customers who had opened or made any changes to their accounts at 17 Freedom Mobile retail locations from March 25 to April 15, and any customers who made changes or opened accounts on April 16.
He also elaborated that the database was hosted on a new service provider for Freedom Mobile, Apptium.
Our investigation has revealed that a very limited amount of Freedom Mobile customer data was exposed as the result of a misconfigured server managed by Apptium, a new third-party service provider Freedom Mobile has engaged to streamline our retail customer support processes.
After discovering the unsecured database, the researchers tried to contact Freedom Mobile. However, their unsuccessful attempts compelled them to contact TechCrunch for assistance. Nonetheless, the firm later responded to the report and also confirmed closing down the database.
In the previous week, the duo also reported about an unsecured database exposing details of 80 million US households.
Let us know your thoughts in the comments.