wordpress blog stats
Connect with us

Hi, what are you looking for?

Tata Sky, Croma websites potentially exposed millions of customers’ contact information: researchers

Websites for the Tata conglomerate’s retail chain Croma and DTH television service Tata Sky had a vulnerability that exposed millions of customers’ contact information and addresses, the Economic Times first reported. Rahil Bhansali on Medium broke word of the exposure, sharing a credit with Ankit Pandey for finding the vulnerabilities (post on Croma, post on Tata Sky). Both the companies have reportedly patched the issues.

A vulnerability on Tata Sky’s website allowed Bhansali — or any coder with sufficient knowledge of Application Programming Interfaces, or APIs — to get name, phone number, address, service requests, and payment history, among other data points, for several of the DTH provider’s customers. “I went to the website and added my phone number to do a quick recharge. To my surprise, it showed me my name, subscriber id, balance and subscription end date without even any form of login,” Bhansali wrote.

Since Indian phone numbers are only ten digits long and are provisioned sequentially, Bhansali was able to test an extraction of several other users’ numbers. He wrote to Tata Sky CEO Harit Nagpal, after which the vulnerability was reportedly patched. At least 22 million customers’ records were impacted, Bhansali estimated, but he said the real number may be much higher as the datasets include past customers.

The retailer Croma, which mostly sells electronics through its physical stores, also leaked customers’ names and addresses upon being hit with phone numbers. The company sometimes creates accounts on its website for in-store customers as well, so this problem could impact anyone who provided their number and address while checking out on Croma. Bhansali said the company had “temporarily” fixed the issue.

We have reached out to Tata Sky and Croma for comment.

Advertisement. Scroll to continue reading.

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ