Personal information of 12 customers compromised after website flaw: M1
PUBLISHED ONSeptember 17, 2014 1:16 PM
SINGAPORE - 12 M1 customers had their personal information accessed illegally due to a security flaw on its iPhone 6 pre-order website, the local telco said on Wednesday.
M1 said that its investigation to date has detected one case of unauthorised access to the information of its 12 affected customers, such as their names and addresses. It stressed that credit card and bank account details were not accessible.
According to the preliminary findings into the website security breach on Sep 15, there was a flaw in the website's customer authentication mechanism, allowing possible access to its customer's personal information by changing data stored within a website "cookie".
"A security patch was immediately developed and deployed which rectified the flaw," M1 said.
M1 added that it has hired a few independent security specialists to conduct separate implementation and testing of the security patch.
"We will also implement additional layers of protection to mask website cookies."
On Monday (Sep 15), M1 suspended pre-orders of the iPhone 6 after discovering the security breach on its website.
It later posted an update on its Facebook page on Tuesday morning that it has fixed a potential security breach and has resumed accepting pre-orders for the iPhone 6.
grongloh@sph.com.sg