{"id":94332,"date":"2014-01-05T23:05:21","date_gmt":"2014-01-05T21:05:21","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=94332"},"modified":"2014-01-06T08:29:42","modified_gmt":"2014-01-06T06:29:42","slug":"big-cell-c-security-flaw-uncovered","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/94332-big-cell-c-security-flaw-uncovered.html","title":{"rendered":"Big Cell C security flaw uncovered"},"content":{"rendered":"<p>A security flaw with <a title=\"Cell C\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/213919-Cell-C\">Cell C<\/a>\u2019s online portal &#8211; aka My Cell C \u2013 allowed anyone with an internet connection to view personal information about many of Cell C\u2019s subscribers.<\/p>\n<p>Concerned Cell C subscriber Eugene Eksteen (aka cavedog) alerted MyBroadband that the \u201cMy Cell C My Account\u201d portal provided access to personal details about many Cell C numbers by using a generic master password.<\/p>\n<p>The security flaw was tested by MyBroadband using a new Cell C SIM and existing Cell C accounts. All Cell C numbers could be accessed, except those where the user changed their online password.<\/p>\n<p>A wide range of personal information could be accessed through the portal, including account details, banking details, numbers called, PIN and PUK numbers and payment history.<\/p>\n<p>According to Eksteen the vulnerability existed since March 2013, following a system upgrade by Cell C.<\/p>\n<h3 class=\"my-4\">Cell C quickly fixes flaw<\/h3>\n<p>MyBroadband alerted Cell C to the security flaw on 2 January 2014, and the operator confirmed the vulnerability soon afterwards.<\/p>\n<p>\u201cCell C can confirm that following a thorough investigation, the security flaw on our online customer portal was identified and resolved,\u201d Cell C said.<\/p>\n<p>Cell C said that they suspect the flaw was the result of recent system maintenance.<\/p>\n<p>\u201cWe are pleased to confirm that by mid-afternoon today [3 January 2014], a patch was developed, tested and deployed and the issue is now fully resolved,\u201d said Cell C.<\/p>\n<p>\u201cThe security of customer information is of the utmost importance to Cell C and we will be appraising our systems accordingly.\u201d<\/p>\n<p>Cell C thanked MyBroadband and Eksteen for bringing the security flaw to their attention.<\/p>\n<h3 class=\"my-4\">More on security flaws<\/h3>\n<p><a title=\"My Vodacom security flaw exposes subscriber details\" href=\"http:\/\/mybroadband.co.za\/news\/security\/94234-my-vodacom-security-flaw-exposes-subscriber-details.html\"><strong>My Vodacom security flaw exposes subscriber details<\/strong><\/a><\/p>\n<p><a title=\"City of Joburg opens criminal case against \u201chacker\u201d\" href=\"http:\/\/mybroadband.co.za\/news\/general\/85285-city-of-joburg-opens-criminal-case-against-hacking.html\"><strong>City of Joburg opens criminal case against \u201chacker\u201d<\/strong><\/a><\/p>\n<p><strong><a title=\"True story behind Joburg\u2019s online security problems\" href=\"http:\/\/mybroadband.co.za\/news\/security\/84993-true-story-behind-joburgs-online-security-problems.html\">True story behind Joburg\u2019s online security problems<\/a><\/strong><\/p>\n<p><a title=\"Fraudsters using Woza Online to scam people in SA\" href=\"http:\/\/mybroadband.co.za\/news\/security\/93575-fraudsters-using-woza-online-to-scam-people-in-sa.html\"><strong>Fraudsters using Woza Online to scam people in SA<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cell C\u2019s online portal made it possible for anyone to view Cell C subscribers\u2019 personal information; security flaw fixed quickly<\/p>\n","protected":false},"author":23,"featured_media":79089,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[355,35,15511],"class_list":["post-94332","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cell-c","tag-headline","tag-security-flaw"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/94332"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=94332"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/94332\/revisions"}],"predecessor-version":[{"id":94334,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/94332\/revisions\/94334"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/79089"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=94332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=94332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=94332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}