• Home
  • |
  • blog

  • |
  • Information leakage of informa...

Information leakage of information leakage in other people's contract content and number of numbers in an app for cheap communication users

Written By mobilephonebrand
全3487文字PR

Internet initiative caused an information leak on July 15, 2021.In the smartphone application for customers of the cheap communication service "IIJmio", some of the phone numbers and contract information of other users were misunderstood.It was due to a bug in the server's application.The company immediately stopped operating the app and took less than four months to resume.

 "On the screen of the app you just downloaded, a strange phone number is displayed."Users pointed out the support centers of the cheap smartphone service "IIJmio" by Internet Initiative (IIJ) on the afternoon of July 15, 2021.

 The problem with the smartphone application is "My IIJmio".This is a management app that checks the contract content, billing amount, data communication results, etc. for users who have contracted for the IIJmio price plan "Giga Plan".At 10:00 am on the same day, IIJ was released to the application store operated by smartphone vendors by smartphone vendors, specifically to the Apple "Apple App Store", Google Play in the United States, and Huawei Appgallery in China in China.It was just announced.

 With a user, IIJ just began to investigate.As a result, it was found that a problem had occurred in which the contract information of some users contracting for Giga Plan was displayed in another user app.The information leaked due to this trouble ranged out a wide variety of information, such as a part of the phone number, a user ID, an application date, and the start date of the user, the billing amount, the data communication capacity, and the remaining amount.

 It was no longer a postponement.IIJ determines that it is a information security accident that violates the protection provisions of the "Secret of Communications" under the Telecommunications Business Law "(Junichi Shimagami Managing Director), My IIJmio at 6:55 pm on the same day to prevent the spread of damage.The operation has been stopped.

 IIJmio is a cheap smartphone service that IIJ has been deployed since 2012.As of the end of September 2021, the number of contracts was 1.07 million.According to a research company MM Research Institute, the IIJ is the leader in the cheap smartphone service market of an independent smartphone company, which is not under the umbrella of a major mobile phone.

格安通信利用者向けアプリで情報漏洩 他人の契約内容や番号の一部を誤表示

 However, the competitive environment is becoming more intense.NTT DOCOMO, KDDI, and SoftBank attacked with a low -priced brand with communication charges, and Rakuten Mobile in the "4th axis" has also launched a cheap plan with monthly data traffic "1 gigabytes or less" from April 2021.rice field.

 In response to these movements, the Giga Plan is a new rate plan introduced by IIJ in April 2021.Not only small capacity, which is the main battlefield of cheap smartphone services, but also high -capacity price range that major mobile companies are good at, the price is highly competitive.In June, a function to share and present data communication with multiple lines was added, and it also supported 5G (5th generation mobile communication system).

 My IIJmio is a newly developed smartphone app for Giga Plan.Unlike a major mobile phone company that organizes more than 2,000 mobile shops per company, cheap smartphone companies such as IIJ basically provide customer support online without having stores.My IIJmio is an important customer contact point for IIJ to enhance the user of the mainstay Giga Plan and connect users.Ironically also caused information leakage.

 According to IIJ, the total number of users displayed the contract information in another customer application is 254.By July 16, the following day, IIJ announced the fact that the affected users were individually contacted, reported to the Ministry of Internal Affairs and Communications in the correspondence market, and announced the information leaked at 6:20 pm on the same day."I'm sorry for your concerns, inconveniences, and I'm sorry. I'm very sorry," he apologized.

 The direct cause of this trouble is the problem of the API (application programming interface) server program developed by IIJ for My IIJmio.

 IIJ operates a business support system that manages customer information and billing information as an MVNO (virtual mobile communication provider) that handles cheap smartphone services.The API server plays a role in bridging the data exchange between the business support system and the My IIJmio app on a smartphone.The API server collects contract information and billing information from the business support system in response to the request of the app, and sends it to the app.