At about 4PM on Thursday I got a call from a friend with the news was that he and a couple of his workmates were able to recharge their Econet Buddie lines for free using some leaked recharge codes. He confirmed that he had managed credit his mobile phone with US$ 50 worth of airtime. This guy though didn’t want to use the airtime and actually joked he’d tried to call the Econet call center to tell them about the security hole and have the airtime deducted. He couldn’t get through.
I personally didn’t get the time to try the codes immediately, and I was informed by a different person later that evening that the codes were not working anymore. So I forgot about it and got on with other things. Didn’t think much of it after that until another colleague today reminded me about it. So I asked them for some details and got a somewhat sketchy picture of what happened.
The story goes: The code *150*100# was spreading virally around the country from subscriber to subscriber. The code would give a subscriber the option to get airtime without paying a cent. Subscribers used this to steal (yes, we think it’s stealing) airtime ranging from US $50 to US $700. Econet apparently picked this up soon enough and acted swiftly to disable the code.
Thereafter, all the lines that used the code were barred from making calls and some barred from receiving as well. Apparently, as we write this, those lines are now basically dead. A commenter on an article we posted earlier today says this is probably why Econet’s recharge system was down for the better part of yesterday. Twice yesterday afternoon I personally tried to recharge my prepaid line and got the message “We are currently processing high call volumes. Please try again in one hour”.
My friend at the start of this article says he went to the Econet offices in Msasa yesterday to query his blocked line. He was told Econet is still compiling the data to establish how much airtime was siphoned out and communication will be made with the affected people once this process is completed.
As for the source of the code, word around is that some Econet employee stumbled upon the codes, a number of codes actually we hear. This Econet guy then allegedly passed this treasure chest to a close relative and the viral spread began. And as the situation went out of control, the Econet guy vanished and has been in hiding since.
It’s not clear yet if this story is linked to the website hacking last night.