Vulnerability in Movistar web form

Posted date 20/07/2018

The consumer association Facua has reported that data on Movistar's customers in Spain have been posted on its website. Accessible data includes names, addresses, e-mail addresses, telephone numbers and billing information.

According to the information published, this data was accessible to any user of the Movistar website, modifying the parameters of a vulnerable web form and thus accessing the data of other clients.

For its part, according to the information provided by Movistar, it was alerted by Facua that there was a vulnerability, but not of the nature of it, so it worked on identifying it proactively, solving it before it was made public, with the number of affected customers being less than one hundred. Movistar has issued several communiqués informing about the situation since the moment of detection of the incident.