The breach came to light after a Movistar user reported it to FACUA, a Spanish non-profit specialized in consumer rights protections. The user discovered that anyone with a Movistar account could view other users’ personal data, according to Bleeping Computer. The organisation says it notified Telefonica of the issue on Sunday, July 15, and FACUA announced the breach in a press conference on Monday, July 16, 11:00, local time.
FACUA says that the page for viewing Movistar invoices embedded the invoice alpha-numerical ID inside the online account URL. Any user modifying this ID could then access other users’ account data.
According to a FACUA spokesperson, the agency filed a complaint against Telefonica Spain and Telefonica Mobile with the Spanish Agency for Data Protection (AEPD), the national agency in charge of enforcing the new GDPR data protection rules.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.