UK mobile network Three accidentally revealed user data through a flaw in an online survey

David Cameron using a computerGetty Images EuropeThe personal data of Three customers leaked online.

Three, a major mobile phone network in the UK, accidentally revealed user data through a security flaw on one of its websites, The Register reports.

Security researcher Joseph Redfern found that entering any phone number into Three’s survey site would expose the name and email address of the person it belongs to — meaning you could input a stranger’s number and their contact details would be revealed.

The weird part about the security flaw is that the personal data wasn’t actually used on the survey site once it was loaded on the web page. 

Redfern says he informed Three customer support about the vulnerability, but never heard anything else from them. The next thing Redfern knew, the site had been taken offline, and Three’s survey API was removed.

We reached out to Three for comment on this story. 

Below is a video that Redfern made to explain the vulnerability:

The Three vulnerability is similar to a problem that Uber ran into earlier this week. It created a petition microsite that allowed respondents to enter special characters (like # or <), and a security researcher used that vulnerability to enter computer code into the petition that forced it to display an ad for rival company Lyft.

NOW WATCH: 5 clever iPhone tricks only power users know about

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.

Tagged In

hacking sai-us three uk