Vi Data Leak – The cybersecurity firm alleged that Vi mishandled its users’ sensitive personal data and was negligent. The telecom giant has refuted the data breach, calling the report false and malicious. Vi stated that the vulnerabilities were identified, disclosed and fixed, and that there was no data breach.
Vi Data Leak CyberX9 Report
According to a report published by cybersecurity firm CyberX9, vulnerabilities with telecom operator Vi formerly Vodafone Idea have exposed demographic data, call logs, phone numbers, internet usage details, credit limit, etc. of 301 million customers.
He added that 20 Mn of these were the entire postpaid consumer base of Vodafone Idea. This would permanently damage the privacy and security of millions of Vodafone Idea customers, CyberX9 said in a blog post, adding that it suspects these were leaked.
He urged the government to order a fair and independent security audit of Vi, as it has been exposing million of customer call logs & other sensitive data for at least the past two year. In that massive period of time, various criminal hackers could have stolen this data, he alleged.
CyberX9 also claimed that it shared the report finding with Vi on August 22 and that a Vi company official acknowledged the vulnerability on August 24. (Vi Data Leak)
Rejecting the report as false & malicious, Vi said it has a strong IT security frameworks in place to keep customers data safe & conduct regular check and audit to further strengthen its security framework.
We have become aware of a potential billing communication vulnerability, the company said in a statement. This was fixed immediately and a thorough forensic analysis was performed to determine that there was no data breach. We have notified the appropriate agencies and made the appropriate disclosures. Vi customer data remains completely safe and secure.
CyberX9, in its report, stated that the vulnerabilities discovered in Vi system were extremely easy for anyone with good computer skills to discover and exploit.
The vulnerabilities discovered were incorrect authorization and IDOR insecure direct object reference vulnerabilities, which led to the exposure of a massive amount of sensitive data across the Internet. There is a high potential that these vulnerabilities have been exploited in this time period of 2 year by malicious people. hackers to steal all data, (Vi Data Leak)