Home » News » General » Justdial patches security flaw that exposed sensitive data of over 156 million accounts

Justdial patches security flaw that exposed sensitive data of over 156 million accounts

By Digit NewsDesk | Updated on 10-Oct-2019
Justdial patches security flaw that exposed sensitive data of over 156 million accounts
Digit NewsDesk Digit NewsDesk
10 Oct 2019 18:04
HIGHLIGHTS

A flaw in Justdial could enable hackers to access any account with a phone number.

The vulnerability has been patched.

The company has said none of its accounts were breached and no data was leaked

In the world of constant data leaks and breaches, you can now add one more company to the list. A critical security flaw was found on Justdial, which could enable attackers to access sensitive account information of 156.1 million users on the platform. Justdial has now patched the flaw but we suggest you change your account password right away, in case you use the platform. The issue reportedly stemmed from Justdial’s Register API that would enable an attacker to get access into any Justdial account by using a phone number in the username parameter. The flaw was reported by the security researcher Ehraz Ahmed, via MoneyControl.

As per the report, the Register API vulnerability could enable hackers to access anyone’s Justdial account. This would be done by replacing the phone number under the username parameter so that the system returns an access token, system ID (SID) and user ID (UID). The SID would then be used to access the account and another accounts linked to it while the UID enabled posting on the user’s Justdial Social Profile. The worrying bit is that accessing a Justdial account also gives access to the Justdial Pay account and its settings can be changed to redirect funds to another bank account. However, transferring existing funds to another account is not possible since an account or UPI pin is required to confirm the transaction. 

The security researcher also mentions that hackers and telemarketers can mine Justdial data by using a script and phone number dumps found online. You can see how Ahmed exploited the flaw to gain access to a Justdial account from the video above. As mentioned above, Justdial patched the flaw and sent out a statement to the media that reads, “We at Justdial take security seriously. There was a bug in one of our API which could potentially be accessed by an expert hacker. This bug has been fixed. We work with various security researchers to strengthen our platform and would like to thank Ehraz Ahmed for bringing this out to us.”

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo