You should have seen our article about Micromax Canvas 4 being just another rebranded Chinese Phone. We just heard some shocking news.It looks like Micromax accidentally reveals sensitive data of the people who have pre-ordered the Canvas 4,The Canvas 4 went up on pre-order without Micromax revealing the specs, price or even photos of the phone, yet over 10,000 people paid Rs 5,000 upfront to book a unit. But things went horribly wrong for a few when sensitive information including their email address, shipping address, phone number as well as Micromax account user name and password were leaked by the company.
First reported by Gizmodo India, some customers who had pre-booked their Canvas 4 units received a mail from Micromax informing them that the balance Rs 13,000 was being charged on their credit card. However, some of them received a mail that had the same details of over 100 other customers
What’s shocking is that not only did it have contact details of other users, it also had the user name and password of their Micromax accounts, which could enable anyone to change their order. One could effectively modify the order and change the shipping address. However, Micromax claims that it blocked access to the compromised accounts as soon as it came to know about the faux pas so nothing could be changed.
We have confirmation that many pre-order customers received an email (on the Canvas 4 launch date) confirming that the balance amount of Rs 13,000 (the initial 5k was deducted at time of pre-order itself) had been deducted from their credit cards. This email (which was forwarded to us with an authentic header file) shockingly contained the order receipts of nearly 130 other customers! And get this – it INCLUDED their shipping and billing addresses, phone numbers, email addresses and even the pre-order site’s login and password for every customer!!! We’ve got to say that this is a mind-boggling level of carelessness on display.
“It is a high security threat as it was having details of customers’ mobile numbers, login details with passwords to verify the order at the MMX website. And after login, one can change (shipping) address in their profile. What if such data would have gone in email of a person having destructive mind?” says one of these customers over email.
Well, customers thankfully did something constructive instead and alerted each other about the privacy breach. Eventually they began sharing updates on their attempts to contact the company and of course a Facebook group followed.