Telkom billing flaw exposed customer details
MyBroadband recently received reports from Telkom subscribers that a billing flaw in the company’s invoicing system exposed private customer details. While using Telkom’s online account platform, one customer and one former customer noticed they were not being shown their invoices when accessing the site. Instead, they were shown the details of other Telkom customers.
This included customer names, account numbers, and line items on their invoices. The impact of the flaw appeared to be limited, as Telkom customers were reportedly seeing the details of a specific set of Telkom clients. When a user refreshed the invoice pages in Telkom’s online client portal, it appeared to cycle through the same customer invoices.
Certain details were of strangers, which may rule out a caching problem related to sharing the same public IP address.
It is not clear how long the flaw was active, or how many customers it affected, but Telkom said it has been fixed. “This was a minor system issue that arose due to a recent system upgrade,” Telkom told MyBroadband. “The issue was immediately resolved as soon as it was detected.
We apologise to our customers and assure them that every effort has been made to ensure that such an incident does not occur again.”