Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

M1 releases preliminary findings of its investigation on website security incident

By Sidney Wong - on 17 Sep 2014, 8:30pm

M1 releases preliminary findings of its investigation on website security incident

 

M1 just released the preliminary findings of its investigations on the website security incident which occurred two days ago.

According to the telco, a security flaw in the design of an application programming interface in the customer authentication mechanism of its website allowed anyone to access personal information of customers by changing data stored within a website "cookie". The flaw has since been rectified with a security patch.

Further investigations also revealed one case of unauthorized access to some personal information of 12 customers such as their names and addresses, but information on credit card and bank account were not accessible. The telco is in the process of contacting the customers.

In addition, the telco's independent security specialist has begun penetration testing, post-implementation of the security patch which will be tested by another independent specialist. M1 also states that it is implementing more layers of protection to mask website "cookies". 

On September 15, M1 was notified of a potential security breach on its website. As a precautionary measure, the telco suspended the pre-orders for the Apple iPhone 6 models temporarily so that it could protect customers' information and investigate the issue.