Maxis online selfcare bug leads to privacy breach?


Privacy has been a sensitive issue lately, especially with people getting spam or having their conversations and SMS history leaked to the wrong people.

Just today, somebody spotted a bug in the Maxis Online Selfcare service. According to the blog post by Arsyan, he was logged into a different account when he tried to view his bills.

So what’s the big deal? Well, with access to someone else’s online selfcare account, you can view their call history, personal details and even backed-up personal contacts.

Responding immediately as a form of damage control, Maxis initially tweeted back saying that this was merely a bug and that he was viewing a test account. However, at the same time, they also insisted that he pull down his screenshot of the page showing the victim’s details. When pressed further that their test account claim was a bluff, Maxis replied that the number may be real but the “so-called” profile and number are not related.

Of course, being unsatisfied with the answer, he went ahead and contacted the number to confirm his suspicion that the person is real. As expected, it was the real person as shown on his Maxis login.

Arsyan isn’t the only one, as another user also faced the same problem. From what we understand, this has been fixed, and we can’t seem to replicate the bug.

So what’s the story, Maxis?

