Bharat Sanchar Nigam Limited (BSNL), the Indian state-owned telecommunications company, is known neither for its quality of service nor for customer satisfaction. To make their services more user-friendly they started offering a quick online recharge facility on their website, but this service has a data privacy loophole: anybody can check any BSNL subscriber's prepaid balance and expiry date. While this may not sound like a big security risk, the exposed data can be used to devise social-engineering phishing attacks. For example, a malicious hacker can fetch this data, call the subscriber posing as a BSNL employee, supply this information to gain the consumer's trust, and ask them to order a highly subsidized online recharge from a fake website.
All one needs to do is visit the portal at https://portal.bsnl.in/rc3/aspxfiles/instarecharge.aspx, enter any BSNL mobile number twice with a fake email ID, and go ahead with picking a recharge value. You don't need to complete the recharge; just pick any recharge value and submit, and you will be shown the account status of the subscriber at the "Proceed For Payment" screen, as shown above.
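The design flaw behind this is that the "Proceed For Payment" step returns account status to whoever typed the number. The following added example (not BSNL's code) models that behaviour beside a version that releases balance and expiry only after the requester proves control of the number. The class, the session IDs, the OTP flow and the subscriber record are all hypothetical and constructed for illustration.

```python
import hmac
import secrets

# Constructed sample record, not real subscriber data.
SUBSCRIBERS = {"9400000001": {"balance": "42.50", "expiry": "2030-01-31"}}


class RechargePortal:
    """Hypothetical model of the recharge flow described in the post."""

    def __init__(self):
        self._otps = {}          # (session_id, msisdn) -> pending OTP
        self._verified = set()   # (session_id, msisdn) pairs that proved ownership

    def proceed_for_payment_vulnerable(self, msisdn, email, amount):
        # Behaviour the post describes: status goes to anyone who enters the number.
        return {"msisdn": msisdn, "amount": amount, **SUBSCRIBERS[msisdn]}

    def send_otp(self, session_id, msisdn):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._otps[(session_id, msisdn)] = otp
        # Returned only so the example runs offline; a real portal would
        # deliver it by SMS to the handset and never echo it to the browser.
        return otp

    def verify_otp(self, session_id, msisdn, otp):
        # pop() makes each OTP single-attempt: a wrong guess consumes it.
        expected = self._otps.pop((session_id, msisdn), None)
        if expected is not None and hmac.compare_digest(expected.encode(), otp.encode()):
            self._verified.add((session_id, msisdn))
            return True
        return False

    def proceed_for_payment_hardened(self, session_id, msisdn, email, amount):
        # Paying for someone else's number still works; reading their account does not.
        # Unknown and unverified numbers get the same response shape, so the
        # screen cannot be used to test which numbers exist.
        resp = {"msisdn": "******" + msisdn[-4:], "amount": amount}
        if (session_id, msisdn) in self._verified and msisdn in SUBSCRIBERS:
            resp.update(SUBSCRIBERS[msisdn])
        return resp
```
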