Local search engine Justdial reportedly last week suffered a massive data breach which revealed personal details of as many as 100 million (10 crores) of its users in the country.
An independent cyber-security researcher Rajshekhar Rajaharia has claimed that JustDial’s data breach compromised sensitive data of 100 million users which included details including their names, mobile numbers, email ids, addresses, company and occupation. Rajaharia took to Facebook and claimed that the company is not able to fix the data breach. He also mentioned that the attack did not affect the new revamped version of the site. The researcher in a post of Facebook mentioned that the breach was able to comprise the data of the users who called the company’s customer care number – ‘88888 88888’.
However, rejecting the claims, Justdial said all the sensitive information of its users including financial information as well as any passwords are protected as per industry standards. The hyperlocal search platform also assured that the majority of the Justdial platform works on OTP-based authentication.
“The older versions of our apps, which currently cater to only a very small fraction of our users, were using certain APIs by which basis a particular mobile number entered, certain basic user details were accessible (no financial information was accessible). This vulnerability which existed on the older app platforms is also now fixed,” Justdial said in an official statement.
“Newer (current) versions of app where majority of users are available do not have the above vulnerability. We have implemented adequate encryption for the older APIs which were impacted and have initiated an independent tech-audit to identify any existing vulnerabilities,” the statement read further.
According to Rajaharia, the data breach happened via an older version on Justdial’s website which has not been tended to since mid-2015.