You are currently viewing our desktop site, do you want to download our app instead?
Moneyweb Android App Moneyweb iOS App Moneyweb Mobile Web App

NEW SENS search and JSE share prices

More about the app

Big Cell C security flaw uncovered

Cell C’s online portal made it possible for anyone to view Cell C subscribers’ personal information.

A security flaw with Cell C’s online portal – aka My Cell C – allowed anyone with an internet connection to view personal information about many of Cell C’s subscribers.

Concerned Cell C subscriber Eugene Eksteen (aka cavedog) alerted MyBroadband that the “My Cell C My Account” portal provided access to personal details about many Cell C numbers by using a generic master password.

The security flaw was tested by MyBroadband using a new Cell C SIM and existing Cell C accounts. All Cell C numbers could be accessed, except those where the user changed their online password.

A wide range of personal information could be accessed through the portal, including account details, banking details, numbers called, PIN and PUK numbers and payment history.

According to Eksteen the vulnerability existed since March 2013, following a system upgrade by Cell C.

Cell C quickly fixes flaw

MyBroadband alerted Cell C to the security flaw on 2 January 2014, and the operator confirmed the vulnerability soon afterwards.

“Cell C can confirm that following a thorough investigation, the security flaw on our online customer portal was identified and resolved,” Cell C said.

Cell C said that they suspect the flaw was the result of recent system maintenance.

“We are pleased to confirm that by mid-afternoon today [3 January 2014], a patch was developed, tested and deployed and the issue is now fully resolved,” said Cell C.

“The security of customer information is of the utmost importance to Cell C and we will be appraising our systems accordingly.”

Cell C thanked MyBroadband and Eksteen for bringing the security flaw to their attention.

* This report first appeared on Mybroadband.co.za and can be viewed here: http://mybroadband.co.za/news/security/94332-big-cell-c-security-flaw-uncovered.html

VIDEOS

COMMENTS   0

Comments on this article are closed.

LATEST CURRENCIES  

USD / ZAR
GBP / ZAR
EUR / ZAR
BTC / USD

Podcasts

INSIDER SUBSCRIPTION APP VIDEOS RADIO / LISTEN LIVE SHOP OFFERS WEBINARS NEWSLETTERS TRENDING

Follow us:

Search Articles:
Click a Company: