Cellcom login information revealed

Cellcom is a large cellular provider operating in Israel but, as it seems, not a very secure one.

Today I went to one of Cellcom’s stores in order to upgrade myself to a brand new iPhone 4Gs (16GB). At first, the guy behind the counter told me that the price for the device is 3207.2 NIS before VAT (I’m a “business customer”). When I told him I wanted to pay using a credit card, he replied that I would need to pay 400 NIS more! The original price is only available for cash customers. (I am really considering coming there tomorrow with a bag full of coins and watching them count…)

Anyway, while arguing, I wanted to check their website and see information about devices. I launched Safari on my current iPhone and surfed to “www.cellcom.co.il”. As expected, they have a completely different version of the website when you are surfing from a mobile device. I couldn’t find any information about devices or prices, but I did find something else.

When I first opened their website I saw the following screen:

Cellcom Login Details

Translation: Your username is: … Your password is: …

Needless to say, the information wasn’t censored on my phone. And just below this information box was a login box asking me for a username and password (yes, the same information they just gave me) in order to log in to my Cellcom profile.

It’s bad enough that they are saving my password in plain text, but to make it even worse, they are displaying it to everyone who can get hold of my phone.
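A site can only show a password back if it stores it in a recoverable form. The sketch below is an added example, not part of the original post and not Cellcom's code: it contrasts that pattern with a store that keeps only a salted scrypt digest. The class names and cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


class PlaintextStore:
    """The pattern the post describes: the password is kept as typed."""

    def __init__(self):
        self._users = {}

    def register(self, username, password):
        self._users[username] = password

    def welcome_page(self, username):
        # Because the secret is recoverable, the page can echo it back.
        return f"Your username is: {username} Your password is: {self._users[username]}"


class HashedStore:
    """Hardened form: only a per-user salt and an scrypt digest are stored."""

    def __init__(self):
        self._users = {}

    @staticmethod
    def _digest(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt,
                              n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._digest(password, salt))

    def verify(self, username, password):
        record = self._users.get(username)
        if record is None:
            return False
        salt, stored = record
        # Constant-time comparison of the recomputed digest.
        return hmac.compare_digest(stored, self._digest(password, salt))

    def welcome_page(self, username):
        # Nothing stored can reproduce the password, so none is shown.
        return f"Your username is: {username}"
```

With the hashed store, a login check still works, but neither the page nor a database dump contains the password itself.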

When I got home and logged in to Cellcom’s website from my PC, I saw that I can display my last invoice and even install/remove features on my line such as voice-mail, conference call, etc. There is even a phonebook on the site, but in my case it was empty (I think it has something to do with a phonebook-backup service Cellcom is offering, but I’m not sure).

So, if you are a Cellcom owner and have a smartphone, just go to www.cellcom.co.il and see for yourself. And I don’t recommend giving your phone to anyone you don’t completely trust with access to your Cellcom login information.

No, Cellcom, that doesn’t count as security. In fact, it’s the complete opposite!

