Justdial Again Exposes Sensitive Data Of 100 Mn+ Users; API Flaw Now Fixed

Justdial Again Exposes Sensitive Data Of 100 Mn+ Users; API Flaw Now Fixed

SUMMARY

The unprotected database contained data such as names of users, their email addresses, mobile numbers and dates of birth of users

This is the same vulnerability that was reported in 2019, which Justdial had claimed to have fixed

Earlier this month, Reliance Retail acquired a controlling stake in Justdial for INR 3,497 Cr

After facing a potential data leak in 2019, Justdial is once again in the news for a similar vulnerability in its database that exposed sensitive personally identifiable information of over 100 Mn users, according to cybersecurity researcher Rajshekhar Rajaharia, who had also flagged the earlier flaw in 2019. While Justdial has fixed the vulnerability that left its application programming interface (APIs) unprotected, the data has seemingly been in the open since March 2020, Rajaharia added.

The unprotected database contained PII data such as names of users, their email addresses, mobile numbers and dates of birth of users. This is the same vulnerability that was reported in 2019, which was later fixed by Justdial. However, it seems that the leak was not fixed completely as indicated by this latest incident.

With more than 25 verticals on its website, Justdial started as a phone-based local directory. The company currently offers services such as bills and recharge, grocery and food delivery, and handles bookings for restaurants, cabs, movie tickets, flight tickets, events and more.

Earlier this month, Reliance Retail acquired a controlling stake in Justdial for INR 3,497 Cr. Justdial has branches in 11 cities across India with an on-ground presence in over 250 Indian cities covering more than 11K postal codes. The Mumbai-based company listed publicly in May 2013. It claims to have an extensive database of around 30.4 Mn listings and with 129.1 Mn quarterly unique users.

While the existence of an unprotected database does not mean that unauthorised personnel had access to Justdial user data, it does open up the possibility that this data might have been used by malicious actors to initiate SMS bombardment campaigns or other forms of phishing activity. Inc42 has reached out to Justdial for a response on the latest data leak, and we will update the story with the company’s responses as soon as we receive them.

Besides Justdial, major companies such as Domino’s India have also been caught in potential data breaches this year. In May, data related to over 18 Cr orders from pizza chain Domino’s India appeared on the dark web and the database was made public by the hacker or hacking group behind the leak. A threat actor claimed to have stolen 13 TB of data from Domino’s India, putting the personal information of 250 employees across functions, as well as customer details from 18 Cr orders. The data included names, email addresses, mobile numbers, GPS coordinates and other info related to Domino’s orders.

Another major data leak this year involved fintech startup MobiKwik, which denied claims about a data breach impacting 100 Mn users. Many experts called it the biggest data leak from an Indian tech startup. The leaked data is said to impact Mobikwik’s individual customers as well as the merchants that have procured loans from the company. First spotted by Rajaharia, the database contains user records for 11 Cr Mobikwik users with a whopping 8.2 TB of data.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Justdial Again Exposes Sensitive Data Of 100 Mn+ Users; API Flaw Now Fixed-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Justdial Again Exposes Sensitive Data Of 100 Mn+ Users; API Flaw Now Fixed-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Justdial Again Exposes Sensitive Data Of 100 Mn+ Users; API Flaw Now Fixed-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Justdial Again Exposes Sensitive Data Of 100 Mn+ Users; API Flaw Now Fixed-Inc42 Media
Justdial Again Exposes Sensitive Data Of 100 Mn+ Users; API Flaw Now Fixed-Inc42 Media
You’re in Good company