Sammyboy RSS Feed
16-09-2014, 07:40 AM
An honorable member of the Coffee Shop Has Just Posted the Following:
The telco suspended orders for the new iPhones on Monday evening (Sep 15), hours after a customer highlighted that he discovered a "security loophole" and could access other M1 customers' information.
PHOTOS (http://www.channelnewsasia.com/news/singapore/m1-suspends-iphone-pre/1363636.html#photo-tab)
http://www.channelnewsasia.com/image/1363632/1410806772000/large16x9/768/432/m1-website-hack.jpg Screengrab of a video sent in by a viewer highlighting a security loophole on the M1 website discovered on Sep 14
SINGAPORE: M1 has suspended pre-orders for the iPhone 6 and iPhone 6 Plus after discovering a potential security breach. "As a precaution to protect our customers' personal information, we will be temporarily suspending pre-orders while we urgently investigate this issue," it said in a post on Facebook on Monday (Sep 15). A spokesperson said pre-orders were suspended at 7pm, and that the company is working to rectify the issue.
While M1 did not specify the nature of the potential security breach in its Facebook post, a member of the public reached out to Channel NewsAsia on Monday, saying that he found a security loophole at around 9pm on Sunday, while trying to get a new iPhone for himself.
He said using a cookie modifier plug-in on Google Chrome, he managed to access forms showing data from customers. Screengrabs and a video obtained by Channel NewsAsia appear to show that he was able to access information such as phone numbers, NRIC and home addresses.
http://www.channelnewsasia.com/blob/1363644/1410787866000/m1-loophole-data.jpg
He said he alerted M1 to this purported loophole by posting on its Facebook wall, and said he was asked to fill in a customer feedback form. "I am quite disappointed about that, because I am using M1 services myself," he said. As of Monday afternoon, he was still able to access the information.
http://www.channelnewsasia.com/blob/1363684/1410789850000/m1-fb-note-post-data.jpg
The man, who said he was a Computer Science masters student, described the loophole as "a very simple, silly error" and said a sophisticated hacker would be able to download the whole database within hours.
Speaking to Channel NewsAsia, an M1 spokesperson confirmed that they would not be taking any action against the customer as they appreciate that he took the time to inform them of the issue.
"M1 places the utmost priority in protecting our customer data and privacy and has implemented strict processes and procedures to safeguard customer information, including conducting regular security audits. We will be conducting a full review on this incident," the spokesperson said.
Access to M1's website has been patchy since it started taking pre-orders for the new iPhones on Friday. It said on Monday evening that the first batch of iPhone 6 Plus handsets have been snapped up.
Click here to view the whole thread at www.sammyboy.com (http://www.singsupplies.com/showthread.php?190106-M1-suspends-iPhone-pre-orders-after-customer-finds-security-loophole&goto=newpost).
The telco suspended orders for the new iPhones on Monday evening (Sep 15), hours after a customer highlighted that he discovered a "security loophole" and could access other M1 customers' information.
PHOTOS (http://www.channelnewsasia.com/news/singapore/m1-suspends-iphone-pre/1363636.html#photo-tab)
http://www.channelnewsasia.com/image/1363632/1410806772000/large16x9/768/432/m1-website-hack.jpg Screengrab of a video sent in by a viewer highlighting a security loophole on the M1 website discovered on Sep 14
SINGAPORE: M1 has suspended pre-orders for the iPhone 6 and iPhone 6 Plus after discovering a potential security breach. "As a precaution to protect our customers' personal information, we will be temporarily suspending pre-orders while we urgently investigate this issue," it said in a post on Facebook on Monday (Sep 15). A spokesperson said pre-orders were suspended at 7pm, and that the company is working to rectify the issue.
While M1 did not specify the nature of the potential security breach in its Facebook post, a member of the public reached out to Channel NewsAsia on Monday, saying that he found a security loophole at around 9pm on Sunday, while trying to get a new iPhone for himself.
He said using a cookie modifier plug-in on Google Chrome, he managed to access forms showing data from customers. Screengrabs and a video obtained by Channel NewsAsia appear to show that he was able to access information such as phone numbers, NRIC and home addresses.
http://www.channelnewsasia.com/blob/1363644/1410787866000/m1-loophole-data.jpg
He said he alerted M1 to this purported loophole by posting on its Facebook wall, and said he was asked to fill in a customer feedback form. "I am quite disappointed about that, because I am using M1 services myself," he said. As of Monday afternoon, he was still able to access the information.
http://www.channelnewsasia.com/blob/1363684/1410789850000/m1-fb-note-post-data.jpg
The man, who said he was a Computer Science masters student, described the loophole as "a very simple, silly error" and said a sophisticated hacker would be able to download the whole database within hours.
Speaking to Channel NewsAsia, an M1 spokesperson confirmed that they would not be taking any action against the customer as they appreciate that he took the time to inform them of the issue.
"M1 places the utmost priority in protecting our customer data and privacy and has implemented strict processes and procedures to safeguard customer information, including conducting regular security audits. We will be conducting a full review on this incident," the spokesperson said.
Access to M1's website has been patchy since it started taking pre-orders for the new iPhones on Friday. It said on Monday evening that the first batch of iPhone 6 Plus handsets have been snapped up.
Click here to view the whole thread at www.sammyboy.com (http://www.singsupplies.com/showthread.php?190106-M1-suspends-iPhone-pre-orders-after-customer-finds-security-loophole&goto=newpost).