The Limited Times

Now you can see non-English news...

Security breach on Bezeq International website Israel today

2020-11-02T11:47:33.291Z


| Privacy and securityThe breach made it possible to reach the names, addresses, credit details and even emails of customers • Bezeq International: "A temporary problem was identified that was fixed immediately" • First publication Photo: Yinon Ben-Shoshan A serious security breach on the Bezeq International website allowed access to the digital invoices and the personal area of ​​the company's customers. This is a


The breach made it possible to reach the names, addresses, credit details and even emails of customers • Bezeq International: "A temporary problem was identified that was fixed immediately" • First publication

  • Photo: Yinon Ben-Shoshan

A serious security breach on the Bezeq International website allowed access to the digital invoices and the personal area of ​​the company's customers.

This is a weakness that has allowed anyone to view sensitive information - such as names, addresses and ID numbers.

In addition, it was also possible to access the cloud storage service of any Bezeq International customer, to penetrate e-mail accounts, and also to receive the number 014, which allows dialing abroad.

Shahar, a 16-year-old from the center of the country who exposed the loophole, noted that all he had to do was tap 6 digits on the keyboard.

"I helped my uncle watch his monthly invoice at Bezeq International," he says in a conversation with Israel Today.

"After I connected it to a computer remotely, the site asked for a code verification by email. We waited a few minutes and out of curiosity and despair and when we did not receive any code I decided to just enter code and see if it would work - and it worked."

Security Joes

"I did not believe it was so so today I logged into my uncle's account, with his consent, to check things again. This time too I asked for a password reset and this time I also got a password reset option. But I did not enter the number they sent to my email - "I just wrote a combination of numbers and it just went into the account," he adds. 

Security company: You can take over any account at Bezeq International

In an inspection we conducted with a private security company, it turned out that this was indeed a burglary for all intents and purposes.

"Once I have an email and an ID number which is a very easy thing to get, you can just dial another cell phone number and then get a sms and reset the account and actually take over," explains Ido Naor, CEO of Security Joes.

"An SMS message should not be sent to an undefined device, but there is another problem - there is no check on the one-time password sent to the device," Naor adds.

"An attacker will actually enter 6 random digits, for example 123456, and the mechanism will confirm the change of the existing number (of the victim) to the new number (of the attacker)."

An international flash said in response:

"Entering the personal area of ​​the site is done by entering two identifying details of the customer. After identification, as part of improving the service, we allowed customers to update the phone number on the site after receiving a personal phone code.

Source: israelhayom

All tech articles on 2020-11-02

You may like

Trends 24h

Tech/Game 2024-03-27T18:05:36.686Z

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.