Dodgy Windows Phone app pulled from Microsoft store after telco customers' details leak online

Summary: A fraudulent app, masquerading as an official app from Dutch telecoms firm Telfort, has been gathering the passwords and logins of the company's customers and posting them online.

A dodgy Windows Phone app has been booted out of the Microsoft store after leaking the personal information of customers of Dutch telco Telfort.

The KPN subsidiary shut down the My Telfort section of its website — where customers can edit their personal information and change their tariffs — after being informed by a customer that the passwords and phone numbers of over one thousand Telfort customers had been posted online.

However, after a brief internal investigation into the leak, first reported this week by Dutch newspaper De Gelderlander, Telfort restored My Telfort. The telco released a statement claiming that the information had surfaced not because of a breach of its systems, but because users had entered their details into a malicious app that was masquerading as a genuine Telfort product.

The fraudulent app, which had been listed in the Windows Phone Store, used the Telfort logo and asked Telfort users to check their subscription status by entering their login information.

"The My Telfort section was temporarily shut down as a preventative measure, after the company received a tip that customer details were listed on an external website… After an internal investigation, it was found the leak concerned information entered by customers into an external fraudulent app, downloaded from the Windows Store," Telfort's parent company KPN said in a statement.

"The access to My Telfort was proactively blocked for the affected customers. These customers will each be contacted shortly to reinstate their access to the My Telfort environment. Microsoft has notified Telfort that it will remove the app from the store as soon as possible, since the scheme used by the app developers is a clear violation of the general terms and conditions of the Windows App Store." 

The Telfort incident is not the first time a fake app was released to trick telco customers into providing sensitive information. The same app developer appeared to also have released a similar app for KPN customers; however, KPN says the app was not used to leak login details.

Telfort is considering taking legal action against the app's creator, but said it first wants to investigate why the customer details were collected. The telco has reminded users on its website never to download and use unofficial apps (although it doesn't specify how consumers can distinguish an official app from a forged one).

Topics: Security, EU, Telcos

About

Martin began his IT career in 1998 covering games and gadgets, only to discover that the scope of his interests extended far beyond that. Ironically, where he used to cover 'anything with a plug', he now focuses on the wireless world. A self-pronounced Apple enthusiast who can't live without his Windows PC, he writes tech news, reviews an...
