BreachExchange mailing list archives
Vodafone customer account details 'briefly exposed' after software update
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 30 Sep 2019 00:14:07 -0500
https://www.stuff.co.nz/business/116072133/vodafone-preparing-comment-on-apparent-privacy-breach Vodafone says customers were able to access other people's account information through its MyVodafone app on Wednesday morning. Spokeswoman Meera Kaushik said the privacy breach followed a planned upgrade to the app at 7am, which resulted in an "unexpected caching issue". "The upgrade was rolled back within 15 minutes and the caching issue corrected, however it did mean that for a period of time a small number of users were able to see some of the information that customers had entered into their app," she said. Vodafone's analysis was not complete, "but we have confirmed that at least three customers' personal information was exposed in the brief period of time between the upgrade and the roll-back this morning," Kaushik said on Wednesday afternoon. "The root cause of the incident has been identified and remedied" and customers' full credit card details were not visible, she said. "We've advised the Privacy Commissioner and are contacting these customers to notify them." Auckland man Umesh Dayal said he was contacted by "at least half-a-dozen" people on Wednesday morning who had told him they had seen his details, instead of their own, when they logged on to the app. "They were able to log off and back into their own account. "It looks like a glitch to me. Vodafone are confused at this stage," he said, speaking prior to Vodafone's statement. "Obviously there is a privacy breach." Dayal said he was not overly concerned. "It is nothing that is going to cost me anything." Another Vodafone customer, Peter Murphy, said he also been presented with Dayal's account details, and had then seen the account details of two other Vodafone customers when he logged off and back into the app. "Vodafone said 'delete the app and reinstall it'." He believed he would have been able to make changes to those people's accounts. "I could have bought a data plan or changed the plan they were on." Murphy said he was concerned his own personal information could have been available to other Vodafone customers. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Vodafone customer account details 'briefly exposed' after software update Destry Winant (Sep 30)