Blogger finds bug in Maxis e-service

|

PETALING JAYA: A bug in Maxis Communications' electronic customer service system left some of its customers' accounts open to the prying eyes of strangers for a short time. Customers who logged into their account were shocked to find they were in someone else's account. The incidents seemingly occurred at random, with different accounts being opened each time the person logged in.

Once in the other person's account, data such as backed-up phone address books, e-mail addresses, and the account owner's cellphone number were displayed. The bug was discovered by a blogger, who asked to be identified as Arsyan (arsyan.com/blog), on Monday when he logged into his Maxis account via the telco's website, maxis.com.my. He was shocked to find that the system had logged him into a stranger's account. And each he time logged in, he was taken into a different person's account.

Arsyan said he then posted his discovery on microblogging site Twitter to warn other Maxis subscribers.
"I phoned the unsuspecting subscribers, whose accounts I had unintentionally logged into, to warn them about the glitch," he said. He also alerted Maxis via Twitter to its @MaxisListens account. He claimed that Maxis then tweeted to him that the account he had inadvertently logged into was a test account. "I doubt that. How could it be a test account when I could phone the account holder?" he said. Maxis has since released a statement. It said immediate steps had been taken and that the problem was resolved within hours of it occurring.

The telco reassured its customers of its commitment to customer information confidentiality. Maxis also said it considered the matter closed and had contacted affected customers to update them on the situation. It declined to reveal how many customers were affected by the bug.[source]

0 comments:

Post a Comment