Security Bugs in Telenor Website Could Reveal IMEI, Handset Details and Other Info of 30 Million Customers

telenor_logoA hacker from Pakistan yesterday unveiled a critical vulnerability in Telenor Pakistan’s website that could be exploited to find out handset related information of Telenor’s entire customer base.

Instead of mis-using this vulnerability in Telenor’s system, the hacker decided to report the bug to Telenor Pakistan — through ProPakistani — which was eventually fixed by Telenor later in the evening.

Through this specific security flaw anyone, with little computing knowledge, could find out the handset model of Telenor number holders. Additionally, the IMEI number, IMSI, ICCID numbers could also be displayed to anyone. With this bug, anyone could blacklist a Telenor number.

By simply entering the Telenor number of a customer into the system, anyone could find out the history of mobile phone models that the customer had used during his relationship with Telenor Pakistan.


Hacker, who wants to remain anonymous, told ProPakistani that he had found this vulnerability while browsing the website, exposing that anyone could have found the bug and had mis-used this serious bug to find out information of Telenor customers.

Responding to ProPakistani’s query on the matter, Ms. Atifa Asghar, Director Corporate Communications & Responsibility, Telenor Pakistan said that her company places a strong emphasis on confidentiality, privacy and security of data.



“Yesterday, we became aware that through a particular mechanism it had become possible to extract handset related information like IMEI”.

Atifa Asghar, Director Communications, Telenor Pakistan.


“Yesterday, we became aware that through a particular mechanism it had become possible to extract handset related information like IMEI. We immediately investigated the matter and took timely remedial measures to plug this breach”, said Atifa Asghar.

Recent hacking of Telenor’s website and emergence of above-mentioned security flaw pose serious threats to customers’ private and confidential data that can go into wrong hands due to (apparently) thin security of cellular companies’ websites.

Atifa, however, reassured that safeguarding customers’ personal information and data is an integral component of Telenor values and philosophy.

Tech reporter with over 10 years of experience, founder of ProPakistani.PK

  • yar ya to hur banda use kar raha hai itsss toooo old is ka to tool b bana hua a aur ya to buhat arsa sa use ho raha a is sa pehla telenr weblounge per sai wajae thi us per sa to sim b block ho jati thi hahahaha hahahahha aur hur 1 hi info b a jati thi……… us per sa b kafi 2 numbari ki hai kafi logo na

  • i am a telenor user and i dont know what the hell they are doing its been so many months that they havent fixed web self service it was very useful for me and for other many customers…

    and i also saw there were same fake websites for this web self service but they are in deep sleep i guess … Lakh wali _______ :@ :@

  • wo us weblounge sa b logo na bari wajaeeee thi telenr ki hahahaha hahahaha hur ek ka daata lauch ho raha tha us ki kafi complain ka baaad band kar d gae hahahaha hahahah

    abi to ya telenr hai abi to ashi ashi chezaaa ae hue hai na ka bs na e pochooo yar……… buhattttt 2 numbari hai net per…….. Allah bus hur insan ko naek amal karna ki tohfeek da aur in kamo sa doooor rakhaaa…………. :'(

  • it was too old, visitors could check emei of user, cellphone model, last downloading status of gprs/mms settings, could send gprs settings, etc.

  • hahaha…how can a website leads to customer’s data hahaha….I am telenor customer since last 3 years and will still remain

  • >