MySafaricom App Glitch Leaves Customer Data Exposed

MySafaricom App
Image Courtesy TechArena Kenya

I was scrolling through Twitter when something caught my attention. A Safaricom customer had written a short thread of a rather shocking experience with her Safaricom app. The issue she was reporting was one that put Safaricom on the receiving end of criticism for lack of proper data protection mechanisms.

“Something very scary is happening with the [Safaricom] App. I went to the Bill Manager only to find a phone number that isn’t mine & bills belonging to someone else. My KPLC Meter is postpaid I do not own a CBA Account I am on Saf Prepaid Why am I seeing someone else’s data?” Read her tweet.

Safaricom App glitch

According to the customer, Elayne Okaya thread, MySafaricom App was displaying information and data that did not belong to her.  She goes ahead to express her concern about the possibility of someone else having access to her data as she currently had access to someone else’s data:

The thread continues to show the magnitude of the glitch, which also exposed the unknown person’s M-PESA transactions, phone number, bank accounts and more:

Not An Isolated Case

Interestingly, there were other complains of similar manner under her thread. With a number of MySafaricom App users reporting that they have been seeing utility bill payments that they are not associated with, while some reported that they could bank details of accounts they do not own.

To worsen the situation, the users reported that the telco’s customer care reps had dismissed similar issues reported earlier claiming that the users had probably made the bill payments at one point:

From the look of things, it seems like a bug that has affected the App’s database, at least according to an expert in the field. We reached out to Safaricom for an explanation of what happened but by the time of press, the telco had not responded.

Explained: Why Does Electricity Go Off When it Starts Raining?

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *