12 customers' personal information accessed during M1 security breach
Personal information of 12 customers was accessed during the recent M1 security breach, the telco said in a statement on Wednesday.
The information accessed included names and addresses, but not credit card or bank account details. The company is in the process of contacting those affected.
M1 said preliminary findings of its investigation into Monday's incident indicate that there was a flaw in the customer authentication mechanism on its website.
"A security flaw existed in the design of an application programming interface in the customer authentication mechanism of our website. By changing data stored within a website 'cookie', this allows possible access to another customer’s personal information," it said.
A security patch which rectifies the flaw has since been deployed, the telco said. Only one case of unauthorised access has been detected so far, it added.
The security breach resulted in pre-orders for the new Apple iPhones on its website being suspended by the company for about 12 hours.
The Straits Times reported that it was a customer who had alerted M1 to the potential breach of security on Sunday night after hacking into the website by mistake.
M1 said it will be implementing further measures to protect customer data and privacy.