When we talk about Telecom operator’s website Tata Indicom’s website comes one step ahead of other operators be it design or the content they score one step ahead of others but one small bug spoils the reputation of the site.The Customer Complaint Search page of Tata Indicom website is disclosing the mobile numbers of those users who have lodge an online complaint via Complaints and Feedback page.
When a complaint is made a 5 digit docket number (complaint number) is assigned for further reference a separate page is allocated to check the status of the complaint (Link not attached on purpose).So here comes the bug if we randomly generate a 5 digit docket number between 30000 and 70000 and submit the desired number under the complaint number section and hit the search tab the output comes something like this.
Complaint Number: 5 Digit Docket Number
Telephone Number: Mobile/Telephone number of user who made a complaint
Circle: Telecom Circle
Nature of Complaint: like whether it’s related to Billing/handset/network
Created Date: when the complaint was lodged
Complaint Status: Status of complaint
Though they have kept the customers mobile/telephone number for internal purposes but a bug like this can feed the spammers appetite if TataIndicom Guys are reading this, make the telephone number section private as soon as possible before the matter goes out of hand.
