Vodafone Idea Allegedly Leaked Data Of Over 300 Million Customers, Telco Rejects Claim

Last Updated on August 29, 2022 by Anu Joy

Cyber security company Cyber X9 has made some serious accusations against ‎Vodafone Idea (Vi). According to its findings, Vi has reportedly exposed personal data of nearly ‏‏‎301 million (30 crore) customers over the past two years. However, the telco denied the data breach.

Vi Data Breach

Security firm Cyber X9’s security team claims that is has discovered “critical security vulnerabilities” exposing Vi’s customer’s personal data to possibly malicious actors. The firm claims that Vi plugged the leak, which had put sensitive customer data at risk for nearly two years, only after Cyber X9 had reported it this month.

The report details the information leaked by Vi, stating, “The information of Vi customers being exposed due to these vulnerabilities includes but not limited to, all call records (date/time, other phone number talked to, and duration), all SMS records, internet usage details, location details, full name, Vi phone number, residential address, alternate contact number, bill payment transaction details, plan details, bill details of many months, credit limit, and so on.”

The security company explains that the data breach occurred because Vi did not apply any restrictions to its systems. This would allow hackers to apply a “large scale automated exfiltration of sensitive and confidential user data,” states the report. It goes on to say that after Cyber X9 submitted their detailed findings to Vi, the telco took around five days to fix the vulnerability. The cyber security company claims that Vi could have applied the fix in an hour.

Vi Denies Data Breach Claims

Meanwhile, Vi has refuted the allegations. The company released a statement denying claims of a data leak, “There is no data breach as alleged in the report. The report is false and malicious. We learnt about a potential vulnerability in billing communication. This was immediately fixed and a thorough forensic analysis was conducted to ascertain no data breach. We have notified appropriate agencies and made due disclosures.” The telco added, “Vi customer data remains fully safe and secure.”

Vi Claims Absurd: Security Firm

Cyber X9 rubbished Vi’s statement, calling it “absurd and baseless.” The security firm stated, “Vi was exposing millions of customers call logs and other sensitive data for at least last about two years. In that massive time period, multiple criminal hackers might have stolen this data. It is absurd and baseless claim of Vi that they’ve done a forensic audit and no breach was found. Such a detailed forensic audit would at least take couple of months to be done.”

Also Read: How To Steer Clear Of Chinese Loan App Scam

India is subject to an alarming number of data leaks. According to a study by Netherlands-based VPN service company Surfshark, India is ranked as the sixth most breached country in the world. The report adds that 18 percent of Indians have had their personal details leaked since 2004. Last year, it was reported that Dominos India was hacked and the data associated with 180 million orders, including phone numbers and credit card details, were leaked. This made it one of the biggest data breaches in India in 2021. However, the pizza chain had claimed that financial information of customers was not compromised.