If you are a Freedom Mobile customer, you might have a very good reason to be concerned about the security of your personal information. According to Tech Crunch, a server belonging to Canada’s fourth largest telco is leaking data:
Security researchers Noam Rotem and Ran Locar found an Elasticsearch server leaking five million logs containing customer data. The server wasn’t protected with a password, allowing anyone to access the data.
Rotem and Locar, who shared their findings exclusively with TechCrunch and published his report at vpnMentor, said it took the cell giant a week to secure the leaking database after first reaching out.
The database is believed to be part of a logging system used by the company to determine errors and glitches in the company’s systems. The database recorded any errors and the plaintext data associated with it, including customer data.
Data seen by TechCrunch reveals customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types, and Freedom Mobile account numbers.
The logs also answers to credit checks filed through Equifax, including details if an application was accepted or rejected — along with the reason why.
We also found full credit card numbers, expiry dates and verification numbers stored in plaintext.
None of the data was encrypted.
This is a #EpicFail on the part of Freedom Mobile. Partially because the server was leaking data, and partially because someone else had to tell Freedom Mobile about it which implies that the company wasn’t on the ball. Now 15000 customers were affected and the server was secured after the researchers told them about it. Though Freedom Mobile all but tossed a company called Apptium who managed the server under the bus for this. No matter. It’s being investigated by the Office of the Privacy Commissioner and I hope they dole out the right level of punishment as this sort of thing simply cannot go unpunished.
Like this:
Like Loading...
Related
This entry was posted on May 7, 2019 at 11:12 am and is filed under Commentary with tags Canada, Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Freedom Mobile Suffers Data Leak….Credit Cards, Email Addresses, And More Exposed
If you are a Freedom Mobile customer, you might have a very good reason to be concerned about the security of your personal information. According to Tech Crunch, a server belonging to Canada’s fourth largest telco is leaking data:
Security researchers Noam Rotem and Ran Locar found an Elasticsearch server leaking five million logs containing customer data. The server wasn’t protected with a password, allowing anyone to access the data.
Rotem and Locar, who shared their findings exclusively with TechCrunch and published his report at vpnMentor, said it took the cell giant a week to secure the leaking database after first reaching out.
The database is believed to be part of a logging system used by the company to determine errors and glitches in the company’s systems. The database recorded any errors and the plaintext data associated with it, including customer data.
Data seen by TechCrunch reveals customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types, and Freedom Mobile account numbers.
The logs also answers to credit checks filed through Equifax, including details if an application was accepted or rejected — along with the reason why.
We also found full credit card numbers, expiry dates and verification numbers stored in plaintext.
None of the data was encrypted.
This is a #EpicFail on the part of Freedom Mobile. Partially because the server was leaking data, and partially because someone else had to tell Freedom Mobile about it which implies that the company wasn’t on the ball. Now 15000 customers were affected and the server was secured after the researchers told them about it. Though Freedom Mobile all but tossed a company called Apptium who managed the server under the bus for this. No matter. It’s being investigated by the Office of the Privacy Commissioner and I hope they dole out the right level of punishment as this sort of thing simply cannot go unpunished.
Share this:
Like this:
Related
This entry was posted on May 7, 2019 at 11:12 am and is filed under Commentary with tags Canada, Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.