Data breach at JustDial leaks 100 million user details
BENGALURU: Local search service JustDial faced a data breach on Wednesday, with data of more than 100 million users, including names, email IDs, mobile numbers, gender, date of birth and addresses, publicly available, an independent security researcher said in a Facebook post.
Fintech startup EarlySalary, travel firm Ixigo, foodtech company FreshMenu and Zomato have faced similar breaches of customer data in the past.
Rajshekhar Rajaharia, who uncovered the breach, said that 70% of the data was of users who called JustDial’s customer care number “88888 88888”.
“Even if one would not have used their app or website, if you ever called their customer service, your data may have been leaked,” he said, adding that the breach happened through an older version of JustDial’s website which had been unattended since mid-2015.
Four application programming interfaces (APIs) had remained unprotected over these years, Rajaharia said. “The company reached out to me today, but has been unable to fix the issue completely as the data is still accessible.”
The newer version of JustDial’s website, which was revamped a few months ago, remained protected from the breach, said Rajaharia.
However, JustDial denied the data breach of 100 million users. In a statement, the company said, "The older versions of our apps, which currently cater to only a very small fraction of our users, were using certain APIs by which basis a particular mobile number entered, certain basic user details were accessible (no financial information was accessible). This vulnerability which existed on the older app platforms is also now fixed. Newer (current) versions of app where majority of users are available do not have the above vulnerability." "We have implemented adequate encryption for the older APIs which were impacted and have initiated an independent tech-audit to identify any existing vulnerabilities," the company said.
Mumbai-based JustDial is an online directory for services and also offers facilities such as bill payments and recharges, grocery and food delivery, along with handling bookings for restaurants, cabs, and movie tickets.
Except for the headline, this article has not been edited by MyDigitalProtection, and the original article is available at EconomicTimes.com.