Basic programming error opens access to millions of Telefónica subscribers' data

In July 2018, a hacker attack exposed the personal data of millions of Spanish subscribers Telefónica's Movistar service. The data included identity and payment information, phone and national ID numbers, banks, and calling data. The cause was a basic programming error known as an "enumeration bug" that allowed anyone logged into one account to alter the ID number inside the URL and view others' data. It was not clear that the data had been exploited. However, Telefónica CEO suggested that the moral of the story was that attackers would "get into any network sooner or later".  The Spanish NGO FACIA, which specialises in consumer rights, filed a complaint with AEPD, the Spanish data protection authority.

https://www.scmagazine.com/home/security-news/data-breach/telefonica-breach-leaves-data-on-millions-exposed/

https://www.scmagazineuk.com/telefonica-breach-leaves-data-millions-exposed/article/1487998

https://www.theregister.co.uk/2018/07/18/telefonica_spain_privacy_snafu/

writer: Teri Robinson; John Leyden

Publication: SC Magazine; The Register