According to a report by cybersecurity research firm CyberX9, Vodafone Idea's (Vi) system has multiple vulnerabilities that have allowed access to roughly 301 million call logs over the previous two years, including those of all of its 20.6 million postpaid users.

The telecom provider, however, denied there had been any data breaches and said the news was maliciously untrue.

Since Vi has been disclosing the call records and other private information of millions of its users for at least the past two years, it urged the government to appoint an impartial and independent security audit of the company. It was claimed that several malicious hackers may have stolen this data during that lengthy period.

The CyberX9 report claimed that the information of Vi customers being exposed to the internet includes but is not limited to, all call records comprising date and time, other phone number they talked to, and duration, all SMS records, internet usage details , location details , full name, Vi phone number, residential address, alternate contact number, bill payment transaction details, plan details, bill details of many months, credit limit, and so on.

CyberX9 further asserted that Vi was informed of the report's findings on August 22 and that a company representative from Vi recognized the vulnerability on August 24.

Vi rejected the claim, calling it untrue and malicious, and asserted that it has a strong IT security structure in place to protect client data, and that it routinely conducts inspections and audits to further bolster that framework.

“We learnt about a potential vulnerability in billing communication. This was immediately fixed, and a thorough forensic analysis was conducted to ascertain no data breach. We have notified appropriate agencies and made due disclosures. Vi customer data remains fully safe and secure”, says the company.

According to the report, “The vulnerabilities discovered were improper authorization and IDOR (insecure direct object references) vulnerabilities, leading to exposing the massive amount of sensitive data to the whole internet... There is high potential that these vulnerabilities were used in this two year timeframe by malicious hackers to steal all the data”.