Bharat Sanchar Nigam Limited (BSNL), the Indian state-owned telecommunications company is neither known for it's quality of service nor for customer satisfaction. To make their services more user-friendly they started allowing quick online recharge facility from their website, but this service has a data privacy loophole where anybody can check any BSNL subscribers prepaid balance with expiry date. While this may not sound a big security risk the data exposed can be used to device social-engineering phishing attacks, for example - a malicious hacker can fetch this data and utilize it for calling the subscriber as an BSNL employee supplying this information to gain trust of the consumer and asking them to order a highly subsidized online recharge from a fake website.