M1 suspends new iPhone pre-orders after potential website breach

SINGAPORE — M1 has suspended all pre-orders for the iPhone 6 and iPhone 6 Plus after a potential security breach of its website was discovered on Sunday by a member of the public, who managed to hack into the site.

“As a precaution to protect our customers’ personal information, we will be temporarily suspending pre-orders while we urgently investigate this issue,” said the telco in a Facebook post this evening (Sept 15). 

The man, who identified himself as an M1 customer and computer science postgraduate student, managed to hack into the site to access personal data of the telco’s customers. He then alerted the company to this purported loophole with a post on its Facebook wall on Sunday evening.

All pre-orders for the new iPhones on M1’s website were suspended from 7pm. Speaking to Channel NewsAsia, an M1 spokesperson confirmed it would not be taking any action against the customer as it appreciates the time he took to inform them about the issue.

“M1 places the utmost priority in protecting our customer data and privacy, and has implemented strict processes and procedures to safeguard customer information, including conducting regular security audits. We will be conducting a full review on this incident,” the spokesperson added.

Access to M1’s website has been patchy since it started taking pre-orders for the new iPhones on Friday. This evening, it said the first batch of iPhone 6 Plus handsets had been fully snapped up.

While M1 did not specify details of the potential breach, the man who managed to hack into the site said he had used a cookie modifier plug-in on Google Chrome to access the personal data of M1’s customers on its website. 

Screengrabs and a video obtained by Channel NewsAsia showed he was able to access information such as phone numbers, NRIC as well as home addresses. 

After he alerted M1 of the potential breach on its Facebook page, he said he was asked to fill in a customer feedback form instead. “I am quite disappointed about that because I am using M1 services myself,” he said. As of this afternoon, he was still able to access the information.

The man said the loophole was “a very simple, silly error”, but added that a sophisticated hacker would have been able to download the whole database in hours. 

Early demand for Apple’s iPhone 6and iPhone 6 Plus has outstripped supply, topping four million in pre-orders in the first 24 hours, reported Reuters. CHANNEL NEWSASIA