MTN South Africa Shuts Down eBilling Portal Over Security Breach

MTN1

South African telecommunication provider, MTN, has shut down its e-billing portal due to security concerns, according to a report on Techcentral.

The decision followed a security breach, which meant anyone could easily access customers information including billing details.

An anonymous commenter on TechCentral  had detected the error and explained that the breaches involved an unencrypted e-billing platform and absence of any authentication to access information from the database.

According to Techcentral, “Just a simple hash string was appended to the e-billing website address — meaning anyone could guess the string and potentially bring up user information at random,” leaving customers at the mercy of good guessers.

In a move to stem the vulnerability, MTN plans to lengthen the hash string, making it more difficult to make random guesses to access a customer’s information.

The company has temporarily taken the system offline until a secure solution has been developed, the report said.

Photo Credit: Yuri Yu. Samoilov via Compfight cc