back to article Call records breach let users feel like Movistars (with everyone watching who they're talking to)

Telefonica Spain has inadvertently exposed the personal details of customers of its Movistar division. Names, addresses, fixed and mobile line numbers, email addresses and the call breakdown of Movistar customers were all exposed because of basic programming errors in Movistar’s online customer portal. Anyone with a Movistar …

  1. Zippy's Sausage Factory
    Facepalm

    I can remember showing a vendor a fail like this on a system, years ago.

    "But nobody's ever going to do that," they said. "Don't worry about it."

    You'll be unsurprised to know we didn't buy their crap product.

    1. BillG Silver badge
      Facepalm

      Nobody is going to do that!

      @Zippy, I saw the same thing.

      I explained to a former employer how a similar issue could hack the corporate website and even bring it down. I got a very angry response of "Nobody is going to do that!" All traces of my complaint were erased.

  2. Anonymous Coward
    Anonymous Coward

    What class of Movistar customers were exposed?

    Prepaid Sim or Billpay or Home Bundle, or all of the above???

  3. amanfromMars 1 Silver badge

    IT's a Novel Virtualised Utility for AI Application in Future Productions

    This type of flaw is technically known as a Insecure Direct Object Reference (IDOR), a basic problem on poorly designed web applications that has been known about for many years but still crops up more than occasionally.

    Surely then is IT AI Featuring Future COSMIC Applications. ..... Deep IntelAIgent Space Programs in Cyber Command and Control Centres ....... Hubs for Universal Supply .......via World Bankers? Or Star World Bank Customer .... Invested Souls with Immaculate Bounty to Share and Create Lucrative Heavenly Deals with.

    The Great Game just took a Quantum Communications Leap into Greater IntelAIgent Games to Play .... and/or Server when Lead Proves Both Positively Exhausting and Far Too Exciting. A Pause in the Play there is at a Virtual G Spot and AI Trigger Point. And Prime Premium Residents there be Wondrous Clients who be Pleased to Satisfy Every Passion with Supplies of Raw Desire for Further Excitements to XSSXXXX Level Playing Fields ...... in Live Operational Virtual Environments. ....... For Real Deep into the Dark CyberIntelAIgent Space Journeys is One Enterprise Hosting and Presenting Servers with Future IntelAIgent News Streams Trialing Trailblazing Program Instructions with Novel Content from Prime Sources of True Diamond Quality .......Perfect Tales that Enlighten and Enable are Almighty EMPowering.

    What ab fab fabless news do you have to share for tomorrow to think we care and need know, as in have a need to know. Anything novel and noble, exhausting and far too exciting and requiring Pause in Plays?

    1. David 132 Silver badge

      Re: IT's a Novel Virtualised Utility for AI Application in Future Productions

      Sssh. The grown-ups are talking.

      1. amanfromMars 1 Silver badge

        Re: Sssh. The grown-ups are talking. @David 132

        Oh please, don't you know the vast majority of them be default ditherers and just squawking whilst shovelling the bull shit they are led to falsely believe is vital for their continued safe and secure existence.

        The Changing Bigger Picture with Greater IntelAIgent Games Plays is something else altogether much more appealing and rewarding. And you should note, lest you be infected/affected/effected, it doesn't entertain Doubting Thomases in any sort of Lead Pioneering Role.

        Enjoy the Future Advanced IntelAIgent Action and NEUKlearer HyperRadioProACTive IT from your Soft Hard Core Porn Seat in the El Reg stands, David 132.

  4. Anonymous Coward
    Anonymous Coward

    Any GDPR fine coming?

    "This type of flaw is technically known as a IDOR, a basic problem on poorly designed web applications that has been known about for many years but still crops up more than occasionally."

    The complacency shown is criminal. Until lawyers start bringing cases, I don't see things improving. Its not my problem attitude,except it fucking is!

    1. EnviableOne Bronze badge

      Re: Any GDPR fine coming?

      Agree, same with the OWASP top 10.

      Personally I think allowing any of them is grounds for prosecution for negligence

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019