Beeline sends details of conversations to strangers

    In 2015, I wrote several articles about Beeline and its games with HTML code:

    Since then, the operator was no longer seen in this kind of incidents, but today I want to tell you how Beeline sent the call details to the owner of the number.

    Any operator has the opportunity to view the details of calls and other services through a personal account, you can also often find an option, when connected, the operator will send a file with details to the mail once a month. The function is quite convenient, and at some point I decided to use it by connecting it to all my 8 numbers. Some of the numbers were used only for Internet in tablets and modems, so I did not remember them by heart.

    On some autumn day, after receiving the detail files and briefly reviewing them, I saw unfamiliar numbers and other information in the detail for one of the SIM-cards, and the sum of my expenses was not very similar. My first thought is that someone got a duplicate SIM card and started spending money, but this idea immediately disappeared, since all SIM cards are working, and the detail comes in the past month.

    After searching the mail for the phone number specified in the suspicious detail, I saw a lot of letters with the same number, but sent more than six months ago. At that moment I realized how I got the detail with the confidential data of a completely different person, but I could not understand how the telecom operator made such an error.

    The solution was very simple. Beeline has a wonderful service - changing the number. If for some reason you are tired of your current phone number and you want to change it, then you can do it without leaving your home: just for 30 rubles and a couple of minutes you can get another number that will be attached to an existing SIM card. The service is quite convenient, and about six months before the events I described, I decided to use it (life hacking: never call car dealerships from a “live” number, they will call you back every day). The number change was successful, and I forgot about it safely.

    As you probably already guessed, after six months my old number found a new owner, but for some reason the combination “number and e-mail to send the details” was not updated, so I received the details of the conversations that the current subscriber of my old number made . Through an employee of Beeline, I immediately told about the bug I had found and received the answer that the bug would be fixed as soon as possible. Unfortunately, this employee no longer works in this company, so the status of the vulnerability is unknown to me, although I really hope that in 3 years the error has been fixed.

    Of course, this vulnerability did not allow to obtain the details of a particular subscriber, as there were no guarantees at all that the old number would receive a new owner in the short term, however, given that in recent years, operators have not received new number pools, and subscribers use the used numbers, the prospect of receiving information about calls and SMS by a stranger is not very encouraging.

    Also popular now: