Scribd Logo
Upload

Welcome to Scribd!

  • 12 M1 Customer Accounts Accessed During Website Breach: We Set You Thinking

    Uploaded by

    fewew
    5 views2 pages
    A security flaw in M1's website allowed a computer science student to access customer account information. Twelve customer accounts had personal information like names and addresses accessed, but credit card and bank details were not compromised. M1 has patched the flaw, conducted penetration testing, and will add extra layers of protection to website cookies. It is contacting the affected customers and being investigated by Singapore's Personal Data Protection Commission.

    Original Description:

    Original Title

    12_M1_customer_accounts_accessed_during_website-breach-Today

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    A security flaw in M1's website allowed a computer science student to access customer account information. Twelve customer accounts had personal information like names and addresses accessed, but credit card and bank details were not compromised. M1 has patched the flaw, conducted penetration testing, and will add extra layers of protection to website cookies. It is contacting the affected customers and being investigated by Singapore's Personal Data Protection Commission.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views2 pages

    12 M1 Customer Accounts Accessed During Website Breach: We Set You Thinking

    Uploaded by

    fewew
    A security flaw in M1's website allowed a computer science student to access customer account information. Twelve customer accounts had personal information like names and addresses accessed, but credit card and bank details were not compromised. M1 has patched the flaw, conducted penetration testing, and will add extra layers of protection to website cookies. It is contacting the affected customers and being investigated by Singapore's Personal Data Protection Commission.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    12 M1 customer accounts accessed during website breach | TODAYonline Page 1 of 4

    SINGAPORE WEATHER 25° | 29° AIR QUALITY: PSI 65-72 Search... Submit
    LOGIN Query
    FOR PDF ARCHIVES

    We set you thinking Read the PDF


    TUESDAY 14 OCTOBER 2014 print edition

    singapore

    12 M1 customer accounts
    accessed during website breach

    (http://www.todayonline.com/sites/default/files/styles/photo_galler
    y_image_lightbox/public/photos/43_images/m1_shop.jpg?
    itok=-S_no4Kh)
    TODAY file photo of an M1 shop.

    View all 0 comments

    Like Share 21 0 Tweet 18

    PUBLISHED: 9:23 PM, SEPTEMBER 17, 2014

    SINGAPORE — Twelve M1 customers’ accounts were


    accessed in one incident when the telco’s website
    security was breached.

    Personal information such as names and addresses were


    accessed but credit card and bank account details were
    not accessible, said M1 today (Sept 17) as it announced
    the preliminary findings of its investigation into a website
    security incident on Monday. It is in the process of
    contacting the customers.

    “A security flaw existed in the design of an application


    programming interface in the customer authentication
    mechanism of our website. By changing data stored
    within a website “cookie”, this allows possible access to
    another customer’s personal information. A security patch
    was immediately developed and deployed which rectified
    the flaw,” said M1.

    “Our independent security specialist has commenced


    penetration testing, post-implementation of the security
    patch. This will be followed by penetration testing by
    another independent specialist. We will also implement
    additional layers of protection to mask website cookies,”
    the telco said.

    http://www.todayonline.com/singapore/12-m1-customer-accounts-accessed-during-websi... 10/14/2014
    12 M1 customer accounts accessed during website breach | TODAYonline Page 2 of 4

    The security loophole was earlier detected by one of its


    customers — a computer science postgraduate student
    who said he was able to hack into the site and access
    personal data of the telco’s customers — causing the
    company to suspend all pre-orders for the new iPhones
    on Monday. M1 resumed accepting pre-orders 12 hours
    later and said that the loophole had been rectified.
    Yesterday, the Personal Data Protection Commission
    said it had contacted M1 and is investigating the matter.

    View all 0 comments

    Like Share 21 0 Tweet 18

    Add a comment...

    Comment

    Facebook social plugin

    Penetration Testing
    Web & Mobile App Security Testing Cloud,
    Cyber, MAS & APRA Security

    http://www.todayonline.com/singapore/12-m1-customer-accounts-accessed-during-websi... 10/14/2014

    You might also like