Tuesday 2 November 2021, Poradnik bezpieczeństwa

Data of Plus carrier’s client made available


If you are the owners of the phone number of the Plus mobile carrier and its other brand Plush, you must bear in mind that your data may have fallen into the wrong hands.

Whichever person that entered a special sub-page in the Plus domain had access to the operator’s customer data. According tot the Niebezpiecznik portal, third parties could determine who the phone number belongs to, find out its PESEL number and home address along with other data.

According to Niebezpiecznik, the application programming interface, the so-called API used to control IT systems was not secured with any token. The portal reported the problem to the network’s carrier, receiving a response in which Plus confirmed that an API-related error had crept in one of its ICT systems. The operator confirmed that it was possible to access customer data such as personal data.

As the operator assures, the error was quickly eliminated and reported to the Personal Data Protection Office. Customers whose data was available with unauthorized access were also notified.