Wateen Allows Open Access to Its Customers’ Private Info

Wateen Telecom, through its Self Care, is offering its customers to know their latest account status along with a facility to recharge their accounts, but the alarming thing is that system neither asks for any

password nor system generated user name; instead all customer’s private information is revealed by just submitting random names.

Here on this url: http://58.27.179.144/selfcare simply guess and enter names like: Bilal, Aslam, Aamir, Huma, Najma etc.

P.S. You don’t need to be a Wateen customer to enjoy personal information of Wateen users;

Below is screen shot of a random customer, interestingly there is a sign out button for a page which never asked for sign-in.

Thanks to Zofeen for the tip