New Delhi, Mar 5: The intranet of state telecom provider BSNL was hacked into by French security researcher Baptiste Robert, also known by his Twitter handle ‘Elliot Alderson’. The tech wizard exposed the loopholes in BSNL's cyber security mechanism as the data of its 47,000 employees, along with pensioners, was found to be vulnerable.
After breaking into the BSNL database, Alderson reached out to the BSNL tech authorities, informing them about the vulnerability of their online data portal.
The telecom provider conceded the loopholes in its system and assured swift action to strengthen its cyber security mechanism.
Alderson, known for his ethical hacking, said he has not accessed any private data of the BSNL employees. He said his aim in hacking the system was only to warn companies with such huge employee databases about the threat of SQL injection, which hackers could use to easily break into their systems.
"I found this a few days ago, but I'm not the first one to discover it. This issue was discovered by an Indian, kmskrishna, two years ago. He sent mails to BSNL, even called senior officers, but nobody answered him. Once again, it shows the importance for big companies like BSNL to take into account this kind of alert," he tweeted.
"I want to thank BSNL for the cooperation and reactivity. All the issues have been disclosed to them privately and fixed during the weekend. I hope they will take appropriate actions internally," Alderson further added, posting the screenshot of his conversation with BSNL India officials.
First thing first, I want to thanks @BSNLCorporate for their cooperation and their reactivity. All the issues below have been disclosed to them privately and fixed during the weekend. I hope they will take the appropriate actions internally. pic.twitter.com/xSB5nzqZtF
— Elliot Alderson (@fs0c131y) March 4, 2018
Last year, Alderson issued a wake-up call to government authorities after he hacked the database of TSPost, the official disbursement portal of Telangana. The state government downplayed the security threat he exposed, claiming the portal had turned dysfunctional after Andhra Pradesh's bifurcation in 2014. However, web archives reportedly showed the site containing information related to MNREGA and Social Security Pension beneficiaries of 2016 and 2017.