Safaricom recently addressed a significant security issue within its Home Fibre network that had been exploited for several years by users looking to access internet services for free or at reduced rates. The flaw in Safaricom’s system allowed users to bypass payment processes and essentially use the service without contributing to the company’s revenue. This loophole, attributed to weak router authentication protocols, cost Safaricom millions in lost revenue over the years.
While the company did not publicly comment on the matter, engineers familiar with the situation revealed that the problem stemmed from a generic password that could be used across multiple accounts, even though each user had a unique username. This loophole was not only exploited by individual users but was also facilitated by Safaricom’s sales agents.
Although Safaricom was aware of the abuse internally, addressing the issue proved challenging due to the system’s reliance on outdated infrastructure. However, by 2024, the company implemented new measures to ensure unique and complex passwords for each account, as well as limitations on simultaneous connections per account.
The security breach had a significant impact on Safaricom’s revenue, with estimates suggesting losses in the millions of Kenyan shillings. Despite this setback, the company remains a dominant player in Kenya’s fixed internet market, serving a large customer base.
Looking ahead, Safaricom’s response to this security issue underscores the importance of robust internal controls and ongoing vigilance in the face of evolving cybersecurity threats. By prioritizing network security measures, Safaricom aims to maintain its position as a leading internet service provider in Kenya.
Peace Nero is a writer and blogger who loves to explore different topics of self-development. She shares her personal experiences in order to help people discover their true purpose in life.