A Customer Found A Security Breach In M1’s Website.

With the release of the iPhone 6, many people went on a mad rush to pre-order it on M1’s website, which started taking orders on Friday, 12th September. Users had trouble accessing the site due to traffic, and the telco discovered a security breach. M1 had uspended orders at approximately 7.30 pm on Monday, and resolved this at approximately 8am on Tuesday morning.

Post by M1.

But there’s more to the story.

The Security Breach In Detail

An unnamed individual came forward to the telco, pointing out the security breach. Using the cookie modifier plug-in on Google Chrome, he was able to access the contact information of the M1’s customers who signed up for the iPhone. This included their addresses and NRIC numbers. Oops.

The Computer Science student asked the website team to contact him as it was a “very simple, silly error,” and that any hacker would be able to download the contact information of all these customers. Instead, M1 asked him to fill in a form—not exactly the best strategy when it comes to a privacy breach.

M1 Reacts To The Incident

According to Channel News Asia, a spokesperson for M1 said that they would “not be taking any action against the customer” as he had informed them of the breach. Way to be grateful to someone who only wanted to help.

Privacy has become an issue in this day and age, especially when we upload so much of our personal data onto many social media platforms. The recent iCloud celebrity photo leak showed that hackers are not just stealing identities anymore, but using whatever information they can to humiliate people.

Although M1 posted a public apology on Facebook, stating that protecting their customers’ data is of “utmost priority,” it sounds too much like a hurried apology that comes after a lapse in judgement.

We’re keeping our fingers crossed that the telco learns from its mistakes. Although many companies are still learning to navigate this brave new webspace, we need to hold them accountable for any breaches in privacy.

With Reference to Channel News Asia and The Straits Times

Top Image via M1