Megaleecher.Net

Making technology work for you...


BSNL Security Loophole Allows Anybody To See Your Account Balance Amount And Expiry Date

Bharat Sanchar Nigam Limited (BSNL), the Indian state-owned telecommunications company, is known neither for its quality of service nor for customer satisfaction. To make their services more user-friendly they started offering a quick online recharge facility on their website, but this service has a data privacy loophole: anybody can check any BSNL subscriber's prepaid balance and its expiry date. While this may not sound like a big security risk, the exposed data can be used to devise social-engineering phishing attacks. For example, a malicious hacker can fetch this data, call the subscriber posing as a BSNL employee, quote the information to gain the consumer's trust, and ask them to order a highly subsidized online recharge from a fake website.

[Image: BSNL Security Loophole]

All one needs to do is visit the portal at https://portal.bsnl.in/rc3/aspxfiles/instarecharge.aspx, enter any BSNL mobile number twice with a fake email id, and go ahead with picking a recharge value. You don't need to complete the recharge; just pick any recharge value and submit, and you will be shown the account status of the subscriber at the "Proceed For Payment" screen, as shown above.
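The flaw class described above is a summary screen that looks up account data by a number the visitor typed, without proof that the visitor owns that number. The following is an added example, not BSNL's code: a small server-side model that puts the open behaviour beside a version gated on a one-time code sent to the number. All names (`RechargeSession`, `payment_summary_gated`, the OTP step) are hypothetical and the subscriber record is constructed.

```python
import hmac
import secrets

# Constructed sample record; the number and values are made up for illustration.
SUBSCRIBERS = {"9400000000": {"balance": "42.50", "expiry": "2030-01-31"}}


class RechargeSession:
    """One browser session on a hypothetical recharge portal."""

    def __init__(self, msisdn, email):
        self.msisdn, self.email = msisdn, email
        self._otp = None
        self.verified = False
        self.attempts = 0

    def send_otp(self):
        # Assumption: a real portal would SMS this code to self.msisdn.
        # It is returned here only so the example runs offline.
        self._otp = f"{secrets.randbelow(10**6):06d}"
        self.attempts = 0
        return self._otp

    def verify_otp(self, code, max_attempts=3):
        # Cap guesses per issued code so a 6-digit code cannot be brute-forced.
        if self._otp is None or self.attempts >= max_attempts:
            return False
        self.attempts += 1
        ok = hmac.compare_digest(code.encode(), self._otp.encode())
        if ok:
            self.verified, self._otp = True, None
        return ok


def payment_summary_open(session, amount):
    """Behaviour the article describes: status shown to whoever typed the number."""
    return {"msisdn": session.msisdn, "amount": amount,
            **SUBSCRIBERS.get(session.msisdn, {})}


def payment_summary_gated(session, amount):
    """Same screen; balance and expiry appear only after ownership is proven."""
    summary = {"msisdn": session.msisdn, "amount": amount}
    if session.verified and session.msisdn in SUBSCRIBERS:
        summary.update(SUBSCRIBERS[session.msisdn])
    return summary
```

In the gated version an unverified session gets the same response shape for a real number and for an unknown one, so the screen no longer confirms which numbers are active either.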

Comments

Even there is for Hathway, I knew the loopholes

True, you can check any number!!

I think it's not a loophole but a service feature for the subscriber...
BSNL has made this feature for the subscriber to know about his current balance and validity before he proceeds to recharge, so that the subscriber is aware of all the details... I think it's in the interest of the subscriber...

Yes, but letting users see anybody's balance is something which is not a good practice and can be used to do hacking attacks via social-engineering.

Extend your BSNL Mobile validity online using this tutorial.

