Dodgy Windows Phone app pulled from Microsoft store after telco customers' details leak online

Dodgy Windows Phone app pulled from Microsoft store after telco customers' details leak online

Summary: A fradulent app, masquerading as an official app from Dutch telecoms firm Telfort, has been gathering the passwords and logins of the company's customers and posting them online.

TOPICS: Security, Telcos, EU

A dodgy Windows Phone app has been booted out of the Microsoft store after leaking the personal information of customers of Dutch telco Telfort.

The KPN subsidiary shut down the My Telfort section of its website — where customers can edit their personal information and change their tariffs — after being informed by a customer that the passwords and phone numbers of over one thousand Telfort customers had been posted online.

However, after a brief internal investigation into the leak, first reported this week by Dutch newspaper De Gelderlander, Telfort restored My Telfort. The telco released a statement claiming that the information had surfaced not because of a breach of its systems, but because users had entered their details into a malicious app that was masquerading as a genuine Telfort product.

The fraudulent app, which had been listed in the Windows Phone Store, was using the Telfort logo and asked Telfort users to check their subscription status by enter their login information. 

"The My Telfort section was temporarily shut down as a preventative measure, after the company received a tip that customer details were listed on an external website… After an internal investigation, it was found the leak concerned information entered by customers into an external fraudulent app, downloaded from the Windows Store," Telfort's parent company KPN said in a statement.

"The access to My Telfort was proactively blocked for the affected customers. These customers will each be contacted shortly to reinstate their access to the My Telfort environment. Microsoft has notified Telfort that it will remove the app from the store as soon as possible, since the scheme used by the app developers is a clear violation of the general terms and conditions of the Windows App Store." 

The Telfort incident is not the first time a fake app was released to trick telco customers into providing sensitive information. The same app developer appeared to also have released a similar app for KPN customers; however, KPN says the app was not used to leak login details.

Telfort is considering taking legal actions against the app's creator, but said it first wants to investigate why the customer details were collected. The telco has reminded users on its website never to download and use unofficial apps (although it doesn't specify how consumers can distinguish official app from a forged one). 

Topics: Security, Telcos, EU

Martin Gijzemijter

About Martin Gijzemijter

Martin began his IT career in 1998 covering games and gadgets, only to discover that the scope of his interests extended far beyond that. Ironically, where he used to cover 'anything with a plug', he now focuses on the wireless world. A self-pronounced Apple enthusiast who can't live without his Windows PC, he writes tech news, reviews and tutorials for the Dutch market and stories about flying elephants for his two sons.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Concerning

    I have a Lumia 1020 and am very happy with it but a breech of Microsoft's app store like this is concerning. I hope significant steps are taken to make sure it doesn't happen again. I didn't hesitate to use the Chase app for all my online banking. I'm a little concerned to know this happened.
    • The Great Thing About The Lumia

      At least if you get mugged, they'll leave the phone so you can call for help.
      Alan Smithie
  • Why? Trojans are fairly easy to write.

    But relatively difficult to hide.

    They will get better at hiding.
  • Since you have to be a registered developer to post apps

    Hopefully they identify and arrest the perpetrator, and make an example of him.
    • Bleh..

      Easier just to never use Microsoft products.
      • No it isn't...

        iOS had a few problems back with apps stealing contact data.

        Android had an apps stealing passwords.

        This isn't a problem with Microsoft, this is a problem with application markets in general.
      • One of the early apps in iTunes

        cost $1,000 and did nothing more than show a gold-coloured screen. it was titled something like, "I'm rich" or "I'm a millionaire". Apple does a lot of work to test and check apps, but sometimes mistakes happen. You need to have some sort of reasonable perspective when it comes to these problems, including MS.
  • The stores are full of fake apps.

    Just do a quick search and see how many apps in the Windows Phone store are named "Angry Birds" or "Facebook" for example. For every real version of anything popular there are a bunch of fakes with the same or similar logo and name.

    The real problem is that a large number of popular app makers won't be bothered to make their stuff work on Windows Phone, nor are they interested enough to care that others have released unofficial versions that might be doing who knows what.
    • The stores are full of fake apps.

      You understand that many websites of first apps post API so that third party developers can make there own apps. So "fake apps " are encouraged by many first party developers them selves. The good thing is when app some first party won't create apps for a platform and features. The bad is how do you know if third party developers are honest.