Just Dial – one of India’s leading local search engines has been discovered leaking personal data of over 100 million customers.
An independent Rajshekhar Rajaharia discovered a critical flaw in Just Dial database exposing personal data of 100 million customers.
The researcher said that he discovered the API endpoint of JustDial’s database was unprotected and publicly accessible making millions of users data vulnerable to breach.
The exposed data includes name, email, mobile number, gender, date of birth, address, photo, company, occupation and other details used by users to create an account in Just Dial.
According to the researcher, even the personal data of users who called JustDial’s customer care number “88888 88888″ were also exposed in the breach.
The issue exists in the older version of JustDial’s website and has been exposing users personal data since 2015.
The researcher also shared screenshots of Justdial’s user data discovered during the analysis process:
The researcher also noted that in addition to users personal data the company was also found saving users buying and search history without user’s consent. This information can be used for targeted advertisements.
The researcher attempted to notify the company about the issue and but failed to get any proper response back from the company.
Just dial is an online director and provides services like Ticket Booking for Flights, Hotels, Movies, Buses, Cabs, ordering foods and shopping online.
You may be interested in reading:Researchers Discovered New Victim of Powerful Triton Malware