Firewall Security Management

Firewall Security Management

20 TOP MOST PROBLEMS IN FIREWALLS WHICH IMPACT BUSINESS More »

Firewall Security Management

Firewall Security Management

Firewall Hardening Checklist More »

Firewall Security Monitoring

Firewall Security Monitoring

Giving You a Proactive Approach to Your Cyber security with Security Monitoring More »

Best TOP Enterprise Network Firewalls

Best TOP Enterprise Network Firewalls

List of Top Firewall Providers Company / Companies in India More »

 

Unprotected database belonging to JustDial exposes personal information of almost 100 million users

  • The unprotected database exposed the personal information of almost 100 million users who accessed the service via its website, mobile app, or by calling its customer care number.
  • The exposed data includes JustDial users’ names, email addresses, mobile numbers, location addresses, genders, dates of birth, photos, designations, company names, and more.

What is the issue – A security researcher uncovered a database belonging to JustDial that was exposed online without any password protection.

Why it matters – The unprotected database exposed the personal information of almost 100 million users who accessed the service via its website, mobile app, or by calling its customer care number.

What was exposed – The exposed data includes JustDial users’ names, email addresses, mobile numbers, location addresses, genders, dates of birth, photos, designations, company names, and more.

The big picture

An independent security researcher named Rajshekhar Rajaharia uncovered an unprotected database belonging to JustDial.

“#justdial Your 100 Million users data including name, email, mobile, gender, dob, address, photo, company, occupation & other details r publicly accessible. Fix ASAP. DM for Detail,” Rajaharia tweeted.

Upon discovering the leaky database, the security researcher contacted JustDial via its contact page to notify about the database, however, received no response. Rajaharia then contacted The Hacker News and shared the details of the unsecured database.

The security researcher noted that the database’s API endpoint is an old one which is not currently being used by the company but has been left forgotten on the server.

Rajaharia also identified a few other old unprotected APIs that could allow attackers to trigger OTP requests for any registered mobile number, which could then be used for spamming activities.

Firewall Company | Firewall Company India | Firewall Provider India | Firewall Company