Vox Telecom was recently made aware of a vulnerability on its customer portal that allowed certain customer accounts to view the partial contact information of related accounts under the same reseller through the manipulation of access strings.
The information was not linked to system login details and no customer services were compromised by the breach.
A customer identified the vulnerability and told Vox, which found that the vulnerability was exploited by that customer only and was not misused by any other portal sessions.
“We take the security around our systems and our customers’ personal information very seriously. As such, we have made a decision to voluntarily disclose the breach to MyBroadband, and have expedited the resolution thereof,” said Tim Wood, executive head of information systems and technology at Vox Telecom.
“We align ourselves with relevant security standards and continuously tighten our security measures as new threats emerge. We will continue to perform ongoing security testing.”
Vox said it recognises there is culture of silence regarding security vulnerabilities and wanted to proactively address the issue brought to its attention. It encouraged others to do likewise.
“Security is a growing concern shared by all and we are grateful to anybody that identifies and reports system security issues in an ethical and responsible manner.”