Websites of EU Mobile Providers Fail to Properly Secure User Data: Report

Sensitive data pertaining to the customers of top mobile services providers in the European Union is at risk of compromise due to improperly secured websites, data security and privacy firm Tala reveals.


An analysis of the websites of 13 of the top mobile telecom companies in the EU has revealed that none of them has in place even the minimum necessary protections to be considered secure.


“With over 235 million customers between them, none of the mobile providers scored a passing grade for website security. Where a score of 80+ is considered reasonable and 50 is barely a passing grade, none of the mobile providers analyzed comes close,” Tala says in a new report.


Despite the lack of proper website protections, the telcos collect a significant amount of sensitive data from their customers during online sign-up, including names, emails, addresses, dates of birth, passport numbers, payslips, and even banking details in some cases.


All of the gathered data, Tala claims, might be at risk of compromise through vulnerabilities and the use of third-party code: the average number of JavaScript integrations was found to be 162, while forms were found exposed to an average of 19 third parties.


All of the websites, the report reveals, use dangerous JavaScript functions that open the door to cross-site scripting (XSS), the most common type of website vulnerability. The highest number of JavaScript integrations on a single site was 735.


The sensitive data that customers enter on the websites of these mobile operators is also potentially exposed through the forms employed to gather the data, as these connect to a large number of domains, revealing extensive data shar ..