ACT Fibernet Could Have Revealed User’s Email ID, Address Due to A Security Flaw


Just yesterday, we reported that RailYatri’s server was exposed and could have let an intruder access the private information of more than 7 lakh users. Security researchers have today reported that a vulnerability in the ACT Fibernet service could have put users’ email IDs, home addresses, and more at risk.

First spotted by security researcher Karan Saini, a security flaw on ACT Fibernet’s end allowed anyone to query an active user’s home address. Saini contacted the internet service provider on discovering the issue, and steps were taken to quickly resolve the problem.

Saini stumbled upon a severe security flaw while using the ACT Fibernet mobile app, which, as per his report, would allow “a malicious actor to query the complete name, home and work telephone number, account number, internal ID, email and residential address, connectivity status, as well as other information” associated with your account.

The attacker only needs to know your phone number, which can be used in a query that returns the customer’s full name and account number. Once the account number has been retrieved, it can be used to query the user’s address, email ID, billing status, and more.
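The two-step lookup described above comes down to a missing object-level authorization check. The sketch below is an added illustration, not ACT Fibernet's code or API: every function name, record and token in it is hypothetical and constructed. It models the flawed pattern next to a handler that binds the requested account to the authenticated session.

```python
# Added illustration; all names and records are constructed, not ACT Fibernet's API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    account_no: str
    phone: str
    name: str
    email: str
    address: str

# Constructed sample records.
ACCOUNTS = {
    "A1001": Account("A1001", "9000000001", "Asha Rao", "asha@example.com", "12 Lake Rd"),
    "A1002": Account("A1002", "9000000002", "Vikram Shah", "vikram@example.com", "7 Hill St"),
}
# Constructed session store: token -> account number proven at login.
SESSIONS = {"tok-asha": "A1001"}

class Forbidden(Exception):
    pass

def lookup_by_phone_unsafe(phone):
    """Flawed pattern: any caller maps a phone number to name and account number."""
    for acct in ACCOUNTS.values():
        if acct.phone == phone:
            return {"name": acct.name, "account_no": acct.account_no}
    return None

def details_unsafe(account_no):
    """Flawed pattern: the account number alone acts as the credential."""
    acct = ACCOUNTS.get(account_no)
    return None if acct is None else {"email": acct.email, "address": acct.address}

def details_checked(session_token, account_no):
    """Hardened: the requested account must be the one the session logged in as."""
    owner = SESSIONS.get(session_token)
    # Same error for a bad token, another user's account and an unknown account,
    # so the response cannot be used to confirm which account numbers exist.
    if owner is None or owner != account_no or account_no not in ACCOUNTS:
        raise Forbidden("not authorized for this account")
    acct = ACCOUNTS[account_no]
    return {"email": acct.email, "address": acct.address}
```

In the hardened handler the identifier in the request is never trusted on its own; the phone-number lookup would need the same session binding, or removal from the client-facing API.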

ACT Fibernet confirmed Saini’s findings and revealed that the issue emerged during one of its latest updates. It was discovered during the rollout itself and fixed right away to prevent the private information of its users from being leaked to malicious actors. The company did patch the security loophole, but since it confirmed that there has been no data breach, it does not plan on disclosing the same to any customers.

“Customer security is our top priority, and we get security audits done quarterly and work with ethical hackers,” stated the ACT Fibernet spokesperson in an official statement (via Gadgets 360). The company is now actively working to roll out a bug bounty program, where it will reward security researchers who discover flaws and loopholes in its services or servers. It plans to begin the bug bounty program within the next 30 to 45 days.
