Flaw found in Airtel mobile app and exposed data of over 325 million users


A serious flaw found in Airtel’s mobile application exposed personal details of more than 300 million users in India. Airtel has issued a fix for the problem as well.

A bug was found in Airtel which could have exposed the personal data of more than 300 million users. The flaw, discovered in the Application Program Interface (API) of Airtel’s mobile app, could have been used by hackers to access subscribers’ information using just their numbers.


That information included things like names, emails, birthdays and addresses.The flaw was fixed after the BBC highlighted the issue to Airtel. “There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice.


“Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms,” the spokesperson added.


Seems all the digital medium is not at all safe, then a question arises on why do the government is talking much about the Digial medium, Digital payment and Digital Data. An expert says, it is simply stupidity to go completely digital. It is just like driving a car without proper brakeing system. As per the data, from Telecom Regulatory Authority of India (TRAI) , Airtel had close to 325 million active subscribers by the end of September 2019. It has the third-largest subscriber base after Vodafone-Idea (372 million) and Reliance Jio (355 million). In October this year, a local search service named Justdial was found to have a flaw in its API that could have potentially affected 156 million users in India. Justdial acknowledged the flaw and accepted the bug which could be potentially accessed by an expert hacker.


India doesn’t have any specific legislation that deals with data protection. However, in line with the European Union’s General Data Protection Regulation (GDPR), the government introduced a draft personal data protection law called the Personal Data Protection Bill in 2018.


This proposed rules on the collection, processing and storage of personal data, along with penalties, compensation and a code of conduct.


Recently, on 4 December, the federal cabinet headed by Prime Minister Narendra Modi approved the Personal Data Protection Bill. Even before the issue of WhatsApp leaking information of Indian users could die down, Airtel has admitted that its mobile app could have put user data at risk. If true, data of over 300 million users are at risk.


According to reports, the security flaw was found in the Airtel app’s Application programming interface (API), which could be easily exploited by hackers to access personal data of users by just using their mobile number. The bug was discovered by a Bengaluru-based security researcher, Ehraz Ahmed.


So what all information has been compromised? User’s name, address, birthday and IMEI number on which the app is installed are likely to have been given out.

Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms,” the Airtel spokesperson added.