Updated: 09/17/2014 21:44 | By Channel NewsAsia
One case of unauthorised access uncovered in M1 security loophole investigation
SINGAPORE: M1's investigation into a security loophole on its website has uncovered one case of unauthorised access to some personal information of 12 customers, the telco said on Wednesday (Sep 17). This information included their names and addresses, but credit card and bank account details were not accessible.
A Computer Science masters student had told Channel NewsAsia on Monday (Sep 15) that by using a cookie modifier plug-in on Google Chrome, he apparently managed to access forms showing data from other customers. This security loophole caused M1 to temporarily suspend pre-orders for Apple's iPhone 6 smartphones on Monday (Sep 15).
M1 said a security patch has been deployed to fix the security flaw in its website's customer authentication mechanism. By changing data stored within a website "cookie", this flaw had allowed possible access to another customer's personal information, it said.
Apologising for the incident, the telco said that independent security specialists will be doing penetration testing (an attack on a computer system meant to detect security weaknesses) and additional layers of protection will be implemented to mask website cookies. - CNA/xy
