BSNL landed themselves in hot water recently as they publicly posted personal data of one of their consumers on Twitter. A user called out the company on the micro-blogging website and in response the company’s official Twitter handle posted all the recent deductions and recharge details of the user, along with his phone number. Shortly after, the company deleted the tweet, however, a screenshot of it was already taken and posted on Reddit.
This is not the first time BSNL has come under fire. Elliot Anderson, the cybersecurity expert, on Twitter claimed that he was able to hack into many of the company’s websites and obtain their employee data. However, BSNL said that the hacked domains were publicly listed URLs and didn’t contain any customer or employee data.“BSNL, being one of the largest Telecom Operators in India, is fully prepared to prevent any data loss related to its employees, customers or stakeholders,” said the state-run telecom operator.
Anderson had also previously discovered vulnerabilities in the m-Aadhaar app. He revealed how anyone with some programming knowledge can bypass the apps’ security and steal a users data. In a Tweetstorm, he showed that the password for the local database, which the mAadhaar app makes use of for storing critical information such as KYC profile data, biometric preferences, and user passwords, can be easily acquired. This means that if someone acquires to your smartphone, the Mobile Aadhaar PIN can be easily compromised. You can read our in-depth coverage of this issue here.
Speaking of vulnerabilities and data leaks, in July last year, a database of Reliance Jio’s user information was leaked online. The telcos customers’ information like Aadhaar number, email ids and more were available online. The company responded to the leaks saying that the leaked data is unauthentic and their user’s data securely maintained.
In December last year, Airtel was also banned from conducting Aadhaar-SIM linking and e-KYC verification. The telco was allegedly using the Aadhaar-eKYC SIM verification process for opening new Payments Bank accounts without the explicit consent of its customers. You can read more about it here.