Beware! A very serious security issue in Angel Broking: Anyone can see the documents you uploaded if they know your phone number

VarunAgw · June 20, 2020, 3:10pm

Here is how to reproduce the issue:

Visit https://www.angelbroking.com/open-demat-account
Enter the phone number you want to view details for.
If they signed up for the platform, you will get all their details and see the documents they uploaded. They don’t do any mobile number OTP verification.

For a demo: I created a dummy profile using 9324116954. Try entering this number in the form. Don’t worry it’s unused phone number from angel broking support team, so no harm to anyone.

The example shows the account which is not fully created. While I am yet to test for a fully created account, I think it might also work for them too (although with some extra complicated steps).

Edit: I have already contacted them. Posting it to raise awareness since they obviously don’t care.

Prakhar_Agrawal · June 20, 2020, 3:25pm

@siva-reddy it isn’t legal right , to have such loosenes in security and privacy

unofficed · June 20, 2020, 7:46pm

The Support guy should be fired. Let me escalate the issue with them. This is serious. Thanks for posting.

cvs · January 22, 2022, 2:13pm

@VarunAgw @unofficed What happened next? Is the above security issue resolved now?

Dharmesh_Barochia · September 8, 2023, 2:49am

Angelone is not a safe platform. I inform their security team about the issue where i attempted 50 account and were success to login in 48 account(other 2 might be closed) eventhough this is serious issue i raise with them many times they not resolved for 2 to 3 years and seems like that is still there.

Praksy · September 8, 2023, 3:51am

I don’t think this is true. When I opened the link and entered a random mobile number it said enter OTP sent to the mobile number.

pothi · December 26, 2023, 6:17am

It looks like the security issue is fixed now. However, I will be thinking twice to invest further via AngelOne.