From TechCrunch: A security lapse at Canada’s fourth largest cell network Freedom Mobile exposed customer data.
Security researchers Noam Rotem and Ran Locar found an Elasticsearch server leaking five million logs containing customer data. The server wasn’t protected with a password, allowing anyone to access the data.
Rotem and Locar, who shared their findings exclusively with TechCrunch and published his report at vpnMentor, said it took the cell giant a week to secure the leaking database after first reaching out.
The database is believed to be part of a logging system used by the company to determine errors and glitches in the company’s systems. The database recorded any errors and the plaintext data associated with it, including customer data.
Data seen by TechCrunch reveals customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types, and Freedom Mobile account numbers.
The logs also answers to credit checks filed through Equifax, including details if an application was accepted or rejected — along with the reason why.
View: Article @ Source Site
