Singtel mobile app leaked customer's details

Telco suspends app for three hours after software glitch; says breach an isolated case

Singtel suspended its mobile application for three hours yesterday, after a "software glitch" meant that customers who logged in were redirected to a different account.

The My Singtel app - which lets users check and pay bills, view data usage and re-contract or purchase a new phone - was taken down from 8am after users found themselves looking at a customer's personal details.

The telco did not reveal the customer's identity, but users found they could write notes in one of the data fields which could be read by subsequent users who found themselves erroneously directed to the page.

Some left nonsensical messages or political insults.

A company spokesman yesterday said the glitch was the result of a mistake by a member of the IT department.

"We are still trying to get in touch with the affected customer to apologise and explain."

Problems first appeared on Monday night, and some customers also reported seeing unusual messages on the app's account information and billing pages.

Facebook user Wilson Siak wrote: "I realise when I logged in I saw other people's account instead of my own. I can see their name and address.

"I think there is a serious breach of account confidentiality and I suspect my account is also being compromised."

The telco insisted it was an "isolated incident" and that the account security of their customers was not compromised.

The Personal Data Protection Commission (PDPC) said it is aware of the data breach incident and has been in touch with Singtel.

"PDPC will be investigating this incident," the privacy watchdog said.

Access to the app resumed at 11am, with most functions restored.

A version of this article appeared in the print edition of The Straits Times on March 02, 2016, with the headline 'Singtel mobile app leaked customer's details'. Print Edition | Subscribe