SA's largest cellular network is looking into an incident in which a customer could access someone else's account information.
Vodacom customer Grant Corry says he accessed an account online to determine why the bill charge was so high and was logged into his profile when he discovered he was able to access someone else's account.
While navigating the various reports available on the site, Corry says he was able to access someone else's account, complete with their cellphone number, call history, address and name.
Corry says he registered on Vodacom's 4me site about a year to two years before the incident, and had never previously been able to retrieve someone else's account details.
While he was unable to change any of the information belonging to the customer, he is concerned that such security breaches could lead to identity fraud.
Once off
Vodacom's executive head of corporate communications, Richard Boorman, says the company believes the incident was isolated but is, “of course, investigating further”.
Chris Gilmour, Absa Investments analyst, says “that shouldn't have happened”. He says one incident indicates a breach in the company's security, and “opens a whole Pandora's box of stuff”.
Gilmour says there is a risk that the victim could have had her identity stolen, and there could have been more such incidents that have gone unreported. “One is one too many; if it can happen like that, it's telling you there is a flaw in the system.”
He suspects the breach has something to do with Vodacom moving from its 4me platform, to a new one hosted on vodacom.co.za.
Related story:
SMS is new 419 scam
Share
