Case Study: Vianet Communication Data Leak
Published on 2020-04-05
## The Incident
April 2020. Barely a month after Foodmandu, the other shoe dropped. **Vianet Communications**, one of the top ISPs in Nepal, leaked the personal data of over **170,000 customers**.
It wasn't a dark web sale at first; a Twitter user simply posted a sample: "Here are your emails, phone numbers, and biological details." Panic ensued.
## The Technical Flaw
It wasn't a complex zero-day. It was **BOLA (Broken Object Level Authorization)**—the modern plague of APIs.
### How It Works
...
Back to Blog