Bugged Maxis Online Account System Shows Others' Personal Info

by Lucas   
Wednesday, 06 October 2010 09:00 AM
 
Uh oh, it looks like Maxis have made a boo boo with their users' online accounts. According to local blogger and founder of the Malaysian social media site Kawanster, Arsyan Ismail, a huge breach in privacy was uncovered on Monday whereby if you log in to your Maxis online account, you may be randomly logged in to someone else's account instead. Once in, you can view a goldmine of personal information like phone numbers, personal emails as well as their phonebook if they backed it up with Maxis previously. Access to such information opens Pandora's box for potential hackers, stalkers and Nigerian princes to get up to all sorts of tomfoolery.

What's worse than this bug of epic proportions? The response via Twitter to Arsyan.
“MaxisListens: @arsyan @demonick As a result, customers who logged in to the portal were able to see a TEST A/C which was not a valid Maxis cust’s profile.”
Which of course is a crock of bull. And after being called out, another equally mind boggling reply.
"@arsyan The number may be real. However, there is no real association between the profile & user. @demonick"
There's even a screenshot of an SMS exchange between Arsyan and one of the compromised accounts! Come on Maxis, stop with the lame excuses and just man up and fix the problem already.

No official word from Maxis about this yet, and as far as we know, the problem is widespread and not isolated. Let's hope that Maxis have a team of people working on this around the clock as this is no small matter. In the meantime, read the full story with screenshots at Arsyan's blog post in the source link.

Baaaaad Maxis!

(Source: Arsyan.com)
