A Jazztel supplier leaves a million phone numbers unprotected due to a security breach
The ADSL House security breach has now been fixed without serious consequences, despite having been active for the last two months.
ADSL House dedicates its activity to attracting customers for the Jazztel telephone operator, within the Orange Group. Today it has been known that a large number of customer contacts have remained unprotected for months on the company’s website.
The Mijazztel.com website is the source affected by the security flaw. A problem that allowed a cybercriminal to steal the information of Jazztel customers, more than one million that should be protected in this company’s database, according explains Vozpópuli.
The security breach is of type SQL Injection, a type of failure that is usually given by the outdated system. The attackers could have injected a code to take control of certain parts of the web page and, after stealing customer data, sell it on the deep web.
Building the page Mijazztel.com it is the responsibility of the company Vector Software Factory, the same that has given the warning when discovering the fault that is already solved. This time, luckily, the security breach has been detected by an ethical hacker, i.e. a cybersecurity researcher who has alerted to the problem to find its solution.
ADSL House ensures that the gap is already repaired and that there has been no theft in this regard, so customers can rest assured. In order to get new clients for Jazztel, offers from the operator are published on this website and the interested user can leave their phone number so that ADSL House professionals can contact them later or call a toll-free number directly to find out. Those data are stored in that database.
SQL Injection bugs are common in computing and we have seen them on previous occasions such as the security breach of the Generalitat of Catalonia website. According to the new General Data Protection Regulation (GDPR), companies are required to report certain types of data breaches within the first 72 hours of detection.