Call data records of as many as 20.6 million postpaid customers of Vodafone Idea (Vi) were exposed to a breach due to multiple security bugs. Customer’s sensitive and confidential personal data including call logs of nearly 301 million customers were exposed to the whole internet, according to researchers at cyber security company CyberX9.
"CyberX9's cyber security research team discovered multiple critical security vulnerabilities in Vodafone Idea due to which Vi exposed customer’s sensitive and confidential personal data including call logs of nearly 301 million customers to the whole internet. This also includes all (~20 million) postpaid Vi customers," the cyber security firm said in a statement.
According to the researchers at CyberX9, the security bugs exposed the call data records of Vi users and comprised the time when a call was made. Other details that were exposed included the users' duration of calls, the location of calls, the user's full name and address as well as SMS details.
"Vi left one of the main discovered vulnerabilities open for cyber attacks for the last ~2 years. Vi was vulnerable since last ~2 years to one of the main discovered vulnerabilities but Vi only fixed the data expose only after we discovered and responsibly reported it now," CyberX9 added.
According to a report by news agency PTI, the cyber security firm's founder and managing director Himanshu Pathak said that the firm shared its entire findings with Vodafone Idea via email. "Later on August 22, Vi confirmed the receipt of our report. Vodafone Idea acknowledged the vulnerabilities discovered and reported by us on August 24," he was quoted as saying by PTI.
Vodafone Idea had denied the claim of the call data of 20 million postpaid customers being exposed. "Vi customer data remains fully safe and secure," Vodafone Idea was quoted as saying.