Beware! A very serious security issue in Angel Broking: Anyone can see the documents you uploaded if they know your phone number

Here is how to reproduce the issue:

  1. Visit https://www.angelbroking.com/open-demat-account

  2. Enter the phone number you want to view details for.

  3. If they signed up for the platform, you will get all their details and see the documents they uploaded. They don’t do any mobile number OTP verification.

For a demo: I created a dummy profile using 9324116954. Try entering this number in the form. Don’t worry, it’s an unused phone number from the Angel Broking support team, so no harm to anyone.

The example shows an account which is not fully created. While I am yet to test for a fully created account, I think it might work for them too (although with some extra complicated steps).

Edit: I have already contacted them. Posting it to raise awareness since they obviously don’t care.
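The missing check described in the post above, shown as an added example that is not part of the original post and is not Angel Broking's code: a hypothetical "resume application" backend where the phone number alone returns the saved draft, next to a version that releases it only to a session that has proved control of that number by OTP. All function names, the in-memory stores and the sample number are assumptions constructed for illustration.

```python
import hmac, secrets, time

OTP_TTL = 300       # seconds an OTP stays valid
MAX_ATTEMPTS = 5    # wrong guesses allowed before the OTP is discarded

# Constructed sample data: phone number -> saved onboarding draft.
APPLICATIONS = {"9000000001": {"name": "Sample User", "documents": ["pan.pdf"]}}
_otps = {}          # phone -> [code, expiry, attempts_left]
_verified = {}      # session id -> phone number that session proved control of

def resume_unsafe(phone):
    """Behaviour described in the post: the phone number alone unlocks the draft."""
    return APPLICATIONS.get(phone)

def request_otp(phone, now=None):
    """Create a one-time code; a real service sends it by SMS and never returns it."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    _otps[phone] = [code, now + OTP_TTL, MAX_ATTEMPTS]
    return code  # returned only so this example runs without an SMS gateway

def verify_otp(session_id, phone, code, now=None):
    """Bind the phone to the session only after a correct, unexpired code."""
    now = time.time() if now is None else now
    entry = _otps.get(phone)
    if entry is None or now > entry[1]:
        _otps.pop(phone, None)
        return False
    if hmac.compare_digest(entry[0].encode(), str(code).encode()):
        del _otps[phone]            # single use
        _verified[session_id] = phone
        return True
    entry[2] -= 1
    if entry[2] <= 0:
        del _otps[phone]            # too many wrong guesses: force a new OTP
    return False

def resume_safe(session_id, phone):
    """Return the draft only to a session that verified this exact number."""
    if _verified.get(session_id) != phone:
        return None
    return APPLICATIONS.get(phone)
```

The authorization decision is made in `resume_safe` from server-side session state, so a client that skips the OTP screen or changes the number in the request still gets nothing back.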

@siva it isn’t legal, right, to have such looseness in security and privacy?

The Support guy should be fired. Let me escalate the issue with them. This is serious. Thanks for posting.

@VarunAgw @unofficed What happened next? Is the above security issue resolved now?