Security Bugs in Telenor Website Could Reveal IMEI, Handset Details and Other Info of 30 Million Customers

telenor_logoA hacker from Pakistan yesterday unveiled a critical vulnerability in Telenor Pakistan’s website that could be exploited to find out handset related information of Telenor’s entire customer base.

Instead of mis-using this vulnerability in Telenor’s system, the hacker decided to report the bug to Telenor Pakistan — through ProPakistani — which was eventually fixed by Telenor later in the evening.

Through this specific security flaw anyone, with little computing knowledge, could find out the handset model of Telenor number holders. Additionally, the IMEI number, IMSI, ICCID numbers could also be displayed to anyone. With this bug, anyone could blacklist a Telenor number.

By simply entering the Telenor number of a customer into the system, anyone could find out the history of mobile phone models that the customer had used during his relationship with Telenor Pakistan.

[two_third]

Hacker, who wants to remain anonymous, told ProPakistani that he had found this vulnerability while browsing the website, exposing that anyone could have found the bug and had mis-used this serious bug to find out information of Telenor customers.

Responding to ProPakistani’s query on the matter, Ms. Atifa Asghar, Director Corporate Communications & Responsibility, Telenor Pakistan said that her company places a strong emphasis on confidentiality, privacy and security of data.

[/two_third]

[one_third_last]

“Yesterday, we became aware that through a particular mechanism it had become possible to extract handset related information like IMEI”.

Atifa Asghar, Director Communications, Telenor Pakistan.

[/one_third_last]

“Yesterday, we became aware that through a particular mechanism it had become possible to extract handset related information like IMEI. We immediately investigated the matter and took timely remedial measures to plug this breach”, said Atifa Asghar.

Recent hacking of Telenor’s website and emergence of above-mentioned security flaw pose serious threats to customers’ private and confidential data that can go into wrong hands due to (apparently) thin security of cellular companies’ websites.

Atifa, however, reassured that safeguarding customers’ personal information and data is an integral component of Telenor values and philosophy.

Tech reporter with over 10 years of experience, founder of ProPakistani.PK


  • A4Apple

    Damn :/ aB nI bAtaEgA kOi TumE kuCh :/ jO bAtAo bANd kArwAdeTy Ho :/ :/

  • yar ya to hur banda use kar raha hai itsss toooo old is ka to tool b bana hua a aur ya to buhat arsa sa use ho raha a is sa pehla telenr weblounge per sai wajae thi us per sa to sim b block ho jati thi hahahaha hahahahha aur hur 1 hi info b a jati thi……… us per sa b kafi 2 numbari ki hai kafi logo na

  • ya link tha ya wala jaha sa sb kch ho raha tha

    http://dms.telenor.com.pk//portal/auth/portal/CcaPortaltp/default

    • fxit

      thanks dextor for the info

    • A4Apple

      ARey KashiF BhAi yAR iN SaHAb kO BohAt KeeReY UtH rAe thEy :/ InhO nE jA K Tele WALo ko boL diA :/ :/

      • hahahahaha bolna da yar…………..

        hahahahahha kch ni hota a

    • bt nw itz nt wrking

    • yeh woh link hai jis se hackers ke programs data retrieve kartay thay lekin real main online link doosra tha :)

  • your news is old ya to i thnk 6 month pehla mai na link dekhaaa tha……… :)

  • nafees ahmed arain

    i am a telenor user and i dont know what the hell they are doing its been so many months that they havent fixed web self service it was very useful for me and for other many customers…

    and i also saw there were same fake websites for this web self service but they are in deep sleep i guess … Lakh wali _______ :@ :@

    • yeah, the web self service is not fixed yet, and its been months and months -_-

  • Aaliya

    as a telenor customer i am worried now

    • imran

      so am i

      • As a Pakistani you all should not worry! Because we are here for your security brother!

    • hahahahaha :P

      abi to ya kch b nahi a dear :)

      • A4Apple

        l0l :P :P :P JuSt TeleNoR mE nI hAN BuGSS :P :P NET se RelAted Jo KuCh b hA uNmE kAhi nA kAHi kOi nA kOi bug hA :D :D

        • nafees ahmed arain

          “WrItINg LikE ThIS” doesnt make you cool bro :P get a life !!!

          • A4Apple

            l0l :P BTW Admin oF PRo PK : jiSSe ApnE yE sAb DetAilSs li ThIn : wO Anonymous Hacker : APnE uSSe yE DetAilSs ki kEh k liN Thin ? yE k mE TelenoR waLo kO bAtAoNgA ? And NafeeS eSi WriTinG Se coOl Ni hoTe :D WeSe Hi thAnd hA :P

        • thanda hoja yar kuch ni hota :)

      • yeah :P I have many things more :D Sql vulnerabilities and different informative vulnerable servers :D

    • As a Pakistani you all should not worry! Because we are here for your security sister!

    • shez3d

      Aliya Dont worry about the integrity of your security!, they wont be able to see your calls and sms logs :D

  • wo us weblounge sa b logo na bari wajaeeee thi telenr ki hahahaha hahahaha hur ek ka daata lauch ho raha tha us ki kafi complain ka baaad band kar d gae hahahaha hahahah

    abi to ya telenr hai abi to ashi ashi chezaaa ae hue hai na ka bs na e pochooo yar……… buhattttt 2 numbari hai net per…….. Allah bus hur insan ko naek amal karna ki tohfeek da aur in kamo sa doooor rakhaaa…………. :'(

  • Salman Abbas

    You’d expect better from the makers of Opera browser. :/

  • ali

    Aamir I had very bad experience from Telenor services last
    week. I want to write blog about their services.

    • aamir7

      Sure, you can get to me here: https://propakistani.pk/contact-us/

      • A4Apple

        AamiR TelL mE : yE DetAil JiSne ApkO Di uSne iS lie Di ThI k Ap TelenOr waLo ko DeDo ? Just wANnA ConFiRm SoMeThiNg

  • Impresive Tanweer

    it was too old, visitors could check emei of user, cellphone model, last downloading status of gprs/mms settings, could send gprs settings, etc.

  • Abdul Khalid
  • Tahir

    hahaha…how can a website leads to customer’s data hahaha….I am telenor customer since last 3 years and will still remain

  • What I didn’t hear you.. Telenor fixed it.. !!! buhahahahah :D