The unprotected database contained data such as the user’s name, email address, mobile phone number, and user’s date of birth.
This is the same vulnerability reported in 2019 that Justdial claimed to have fixed.
Earlier this month, Reliance Retail acquired a controlling stake in Just Dial for Rs 3,497.
After facing a potential data breach in 2019, Justdial was once again in the news about a similar vulnerability in the database that exposed sensitive personally identifiable information to more than 100 million users. Cybersecurity researcher Rajshekhar RajahariaJustdial has fixed a vulnerability that left the application programming interface (API) unprotected, but the data appears to have been published since March 2020, Rajaharia added.
The unprotected database contained PII data such as the user’s name, email address, mobile phone number, and user’s date of birth. This is the same vulnerability reported in 2019. Later fixed by Justdial.. However, as pointed out in this case, the leak does not seem to be completely fixed.
Justdial started out as a phone-based local directory with more than 25 industries on its website. The company currently offers services such as billing and charging, grocery and food delivery, and handles reservations for restaurants, taxis, movie tickets, airline tickets, events and more.
Earlier this month, Reliance Retail acquired a controlling stake in Just Dial for Rs 3,497. Justdial has branches in 11 cities across India and is located above ground in more than 250 Indian cities covering more than 11,000 zip codes. The Mumbai-based company was launched in May 2013. It has an extensive database of about 30.4 million lists and claims to have 129.1 million unique users each quarter.
The existence of an unprotected database does not mean that unauthorized personnel have accessed Justdial user data, but this data is used by malicious attackers in SMS bombing campaigns and other forms of phishing activity. May have been used to get started. Inc42 has contacted Justdial about the latest data breach response and will update the story with the company’s response as soon as it is received.
In addition to Justdial, major companies such as Domino’s India have also been arrested. Potential data breaches of the year.. In May, data related to over 18 Cr orders from the pizza chain Domino’s India appeared on the dark web and the database was exposed by the hackers or hacking groups behind the leak. NS Threat attacker claims to have stolen 13 TB of data From Domino’s India, we will provide the personal information of 250 employees to various departments and provide customer details from 18Cr orders. The data included names, email addresses, mobile numbers, GPS coordinates, and other information related to Domino orders.
Another big data breach this year Fintech startup MobiKwikRejected allegations of data breaches affecting 100 million users. Many experts have called this the biggest data breach from Indian tech startups.The leaked data is not only for Mobikwik’s individual customers The merchant who raised the loan From the company. The database first discovered by Rajaharia contains user records for 11 CrMobikwik users with a whopping 8.2 TB of data.
Justdial has re-published sensitive data for more than 100 million users.Defects have been fixed
Source link Justdial has re-published sensitive data for more than 100 million users.Defects have been fixed