Tech Vigil an unique Technology Blog

JustDial’s protection breach reportedly compromises statistics of 100M customers

JustDial’s security breach reportedly compromises records of 100M users Local seek carrier JustDial faced records breach on Wednesday, with data of more than 100 million users, inclusive of names, e-mail ids, cell numbers, gender, date of delivery and addresses publicly available, an unbiased protection researcher said in a Facebook post.

Fintech startup EarlySalary, tour firm Ixigo, food tech employer FreshMenu and Zomato have confronted similar breaches of patron statistics within the beyond.

Rajshekhar Rajaharia, who exposed the breach, said that 70% of the records turned into of customers who referred to as JustDial’s patron care wide variety “88888 88888″.
“Even if one could not have used their app or internet site, if you ever called their customer service, your records may be leaked,” he said, including the breach passed off thru an older model of JustDial’s internet site which changed into unattended seeing that mid-2015.

Four software programme interfaces (APIs) had remained unprotected over these years, Rajaharia said. “The organization reached out to me today, but has been not able to repair the problem completely because the records remain handy.”


The more moderen version of JustDial’s internet site, which turned into remodeled some months in the past, remained covered from the breach, said Rajaharia.

However, JustDial denied the statistics breach of 100 million users. In an assertion, the employer said, “The older variations of our apps, which presently cater to best a totally small fraction of our customers, we’re using sure APIs by using which basis a particular cell number entered, certain basic user information had been available (no economic information became on hand). This vulnerability which existed on the older app systems is also now fixed. Newer (modern) variations of the app in which the majority of users are available to do no longer have the above vulnerability.” We have implemented good enough encryption for the older APIs which have been impacted and feature initiated an impartial tech-audit to identify any existing vulnerabilities, the employer said.

Mumbai-based totally JustDial is an internet directory for services and additionally offers facilities together with bill bills and recharges, grocery and food shipping, in conjunction with dealing with bookings for eating places, cabs, and movie tickets.