Basic programming error opens access to millions of Telefónica subscribers' data


In July 2018, a hacker attack exposed the personal data of millions of Spanish subscribers Telefónica's Movistar service. The data included identity and payment information, phone and national ID numbers, banks, and calling data. The cause was a basic programming error known as an "enumeration bug" that allowed anyone logged into one account to alter the ID number inside the URL and view others' data. It was not clear that the data had been exploited. However, Telefónica CEO suggested that the moral of the story was that attackers would "get into any network sooner or later".  The Spanish NGO FACIA, which specialises in consumer rights, filed a complaint with AEPD, the Spanish data protection authority.

writer: Teri Robinson; John Leyden

Publication: SC Magazine; The Register

See more examples
Related learning resources