‘Flaw in Airtel’s app may not have exposed user info’

A security flaw in Airtel’s mobile application, pointed out by an ethical hacker, may not have compromised any user data.

While the flaw had the potential for possible misuse, there was no real impact because the Application Program Interface (API) was on a testing phase.

Ehraz Ahmed, who identifies himself as a fintech professional, a web security researcher and a former ethical hacker, had flagged the flaw in a blogpost on Saturday. “The flaw existed in one of their APIs that allows you to fetch sensitive user information of any Airtel subscriber. It revealed information such as first and last name, gender, email, date of birth, address, subscription information, device capability information for 4G, 3G and GPRS, network information, activation date, user type (Prepaid/Postpaid) and current IMEI number.