Airtel, the third-largest mobile network in India, was found to have a flaw that could have exposed the personal information of more than 300 million users.
Because of a vulnerability in the mobile app's Application Programming Interface (API), hackers may have been able to access users' information using only their phone numbers.
Customers' International Mobile Equipment Identity (IMEI) numbers were also available, along with information including names, emails, birthdays, and addresses.
The company claimed that one of its testing APIs had a technical problem, which was fixed as soon as it was brought to the company's attention.
Source: https://www.bbc.com/news/world-asia-india-50641608
TPRM report: https://scoringcyber.rankiteo.com/company/airtel
"id": "air038523",
"linkid": "airtel",
"type": "Vulnerability",
"date": "12/2019",
"severity": "25",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Over 300 million',
'industry': 'Telecommunications',
'location': 'India',
'name': 'Airtel',
'type': 'Mobile Network Operator'}],
'attack_vector': 'API Vulnerability',
'data_breach': {'number_of_records_exposed': 'Over 300 million',
'personally_identifiable_information': ['Names',
'Emails',
'Birthdays',
'Addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'IMEI numbers']},
'description': "A vulnerability in Airtel's mobile app API exposed personal "
'information of over 300 million users.',
'impact': {'data_compromised': ['Names',
'Emails',
'Birthdays',
'Addresses',
'IMEI numbers'],
'systems_affected': ['Mobile app API']},
'post_incident_analysis': {'corrective_actions': ['Fixed the technical issue'],
'root_causes': ['API Vulnerability']},
'references': [{'source': 'Airtel'}],
'response': {'communication_strategy': ['Public disclosure'],
'containment_measures': ['Fixed the technical issue']},
'title': 'Airtel Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Mobile app API'}