Sci & Tech

Ministry Plugs Irancell Data Leak

Ministry Plugs  Irancell Data LeakMinistry Plugs  Irancell Data Leak

Local media reported last week that the personal data of nearly 20 million subscribers of Iran's second largest mobile operator were leaked online.

The information on MTN-Irancell's subscribers was leaked through a robot—known as MTN Pro Bot—on the social media application Telegram, Mehr News Agency reported at the time.  

Using an Irancell phone number—specifically numbers with the digits 0939, 0938, 0937, 0936 and 0935 at the beginning—the robot would make available the subscribers' personal information, including their full name, national ID number, address, post code and landline number.

The numbers had all been purchased before the year 2014 and the bot could not be used for numbers that had been sold in the following years.

According to ISNA, by March 19, 2016, Irancell had sold a total of 79,884,000 SIMs, of which only 30,546,000 of the SIMs are used actively.

The robot, which reportedly was at first only active in two groups on Telegram, spread quickly among users of the most popular messaging app in Iran.

It is estimated that Telegram has well over 20 million active users in Iran. It was only a matter of time before the issue was picked up by Iran's Ministry of Communications and Information Technology.

Mohammad Reza Farnaqi-Rad, the ministry's spokesperson, told IRNA that following a directive released by Telecoms Minister Mahmoud Vaezi to safeguard the privacy of subscribers, the robot was blocked and removed from Telegram. In cooperation with Iran's Cyber Police, the ministry set out to identify and arrest the person behind the bot.

Speaking later in the parliament, Vaezi noted that Irancell had filed a complaint against the person who had created the bot and "the ministry will be investigating the issue until it is sorted out".      

The minister noted that a similar incident happened three years ago when the data available on nearly 20 million subscribers were sold at a cheap price to a third party.

The source of that leak was not revealed at the time or even later. Neither did Irancell issue a formal apology to its subscribers.  The ministry released an official statement, noting that its major responsibility is to secure the privacy of mobile subscribers. It also said the recently leaked data were the same as the information leaked three years back, YJC reported.

The ministry's spokesperson also said that the information on subscribers to other mobile phone operators—Hamrah-e-Avval (or MCI) and RighTel—was secure and had not been leaked.

Days after the news was released to the public, MCI sent out an SMS to all its subscribers informing them that their information was secure. Many users said the text message seemed rather opportunistic in tone.  

Days later, Lieutenant Colonel Hossein Ramezani, a legal deputy with Iran's Cyber Police, announced that the creator of the bot was arrested in one of the western cities of Iran.

The alleged culprit was a 19-year-old software engineering student who said he had only created the bot out of sheer curiosity. In an interview published by the Iranian Judiciary's news agency Mizan, the unnamed offender who apparently did not have any previous criminal records said he was only seeking fame and did not think the issue would go this far.

Five days after the initial leak, Irancell responded to the issue in a press release and denied that any information had been hacked.

The statement said "neither any information system nor any information belonging to MTN-Irancell's subscribers has been disclosed, stolen, hacked, or attacked by outsiders."

Irancell's press release claimed that such an issue was a predictable scenario, as the country's mobile operators are on the verge of launching Mobile Number Portability services.

While assuring subscribers that the company "has always respected confidentiality and privacy of its subscribers", the statement said such media reports will have "no negative impact" on the company's operations.  

The official statement released by the ministry after the alleged arrest of the offender, however, stated that the claims regarding unhealthy competition were irrelevant and if any such case was proved, the ministry would not refrain from addressing the issues.