DU review: Extra charges because of app application hacking [protected])

I am writing to formally complain about a severe security breach and unauthorized transactions on my Du Telecommunications account. This incident has compromised my personal information and resulted in fraudulent charges totalling AED 2006. I am complaining to you as a recommendation by Dubai Police.

Details of the Incident:

• Initial Suspicion: The incident began with an unexpected UAE pass notification, which I initially thought was related to my employer, and I accepted it. I was working at my workstation, thinking the UAE pass was from my employer's website.

• Unusual Email Notifications from Du: Soon after, I received emails from Du about an eSim request I never made. Another email was received about raising the purchase cap for my billed mobiles [protected] and [protected]). A third email was about changing my user name, which I never made. Here, I started to suspect what was happening. All this happened in about 20 minutes. I began from 10:14 am to about 10:40 on Friday, November 10th.

• Service Disruption: My mobile service was suddenly disconnected.

• Discovery of Unauthorized Access: I learned that my account had been hacked upon visiting a Du service centre at about 11:30 am. I have also discovered that in about 15 minutes, the hacker used the maximum allowed amount of AED 1003 on each of my two mobile lines under "Total extra usage."

• Upon receiving the monthly bill, I found that the total bill was 2,398.49. The monthly charges are only 252, while the other charges are 2146.49, including hacking purchases and VAT.

• The request was refused by asking Du to remove the other charges, saying that the hacking access was outside the Du application, which wasn't true.

Requests and Suggestions:

1. Investigation and Reversal of Charges: I urge Du to investigate this breach and facilitate reversing all fraudulent charges on my account.

2. Enhanced Security Measures: I propose that Du mandates more stringent authentication processes for changes from physical SIM cards to eSIMs, as this appears to be a vulnerable point that hackers can exploit.

3. Proactive Fraud Detection: Additionally, I suggest that Du be required to implement systems that detect and flag unusual transaction patterns, like multiple high-value purchases in a short period, and take immediate preventive action.

4. Removing the extra 2146.49 charges.

This incident raises significant concerns about the current security measures and the potential for future breaches affecting other customers. Prompt attention to this issue is crucial to prevent similar occurrences and maintain trust in our region's telecommunications services.

Thank you for your immediate attention to this matter. I am available for any further information or clarification that may be needed.