A MyBroadband reader recently discovered that Telkom’s online chat platform offers more information than it should.
The reader told MyBroadband that he was having difficulty cancelling his ADSL service, and decided to use the online chat service offered on Telkom’s website to resolve the matter.
He logged into his Telkom profile using his work PC and visited the Talk To Us section of the site.
After opening an online chat, and while waiting for an agent to respond, he navigated off the browser window to continue working.
He forgot about the chat, however, and did not notice that an agent had responded and that, after receiving no reply, the online chat had timed out.
After the chat timed out, it was automatically closed and a window popped up with a record of the online conversation which took place.
Instead of the window from his chat, though, the user received a summary of another Telkom user’s conversation.
The other user’s online chat contained their personal information, including their ID number, home address, cellphone number, and email address.
The screenshot below, which has been redacted, shows the chat window which was displayed to the user.
Telkom – No issue detected
MyBroadband contacted Telkom to inform it about the potential security flaw and to ask for feedback on the matter, but the company said it could not replicate the issue on its side.
The user stated that he has not been able to replicate the issue, and when MyBroadband tested the online chat using the same method, no user information was exposed.