JustDial Unprotected Database Leaks Out The Information of 100 Million Customers

  • Info-provider JustDial has been leaking live account data since mid-2015.
  • Anyone can access the PII of about 100 million customer accounts, as well as that of accounts still being added.
  • The company has not secured the leaky database, nor have they issued an official statement yet.

An unprotected database belonging to the India-based local internet search provider “JustDial” has exposed the sensitive data of about 100 million of the company’s customers. The database contains the profiles of the clients who access the JustDial services on the web platform, the mobile app, or via the telephone line, and according to the reports, the unprotected APIs that kept the door open have existed since at least the summer of 2015. JustDial has not issued an official statement about the discovery yet, and considering that they have not responded to the warning messages of the researcher who made the revelation, they are not likely to do anything about it soon.

Indian researcher Rajshekhar Rajaharia sent a warning message to JustDial through their “ContactUs” communication form on 12 April, but since no answer was received after five days, he decided to make the discovery publicly known. After all, 100 million users is the equivalent of the population of the Philippines, so you can’t just stand there and wait for the company to stumble upon your warning message at some point in the future. Besides the large number of compromised users, the type of data also makes the situation very severe.

A user’s profile includes their real name, email, mobile number, gender, date of birth, home address, photo, company, occupation, and even more. To figure out whether the unprotected database was connected to a “live” server or a backup, the researcher collaborated with The Hacker News, who created a new account by calling JustDial. The researcher received the new credentials and confirmed their addition to the accessible database, so the real-time connection is to a production server and not a backup.


While exploring the database, Rajaharia also found a way to trigger massive opt-out requests for the registered accounts, spamming the customers with messages and causing trouble to JustDial. Maybe if he had decided to go on with this approach, the company would have noticed that something suspicious was going on. If the publicity of this still does not reach JustDial’s ears, the researcher will have to resort to practices like this one. Hopefully, he won’t have to.

What do you consider a fair penalty for companies who don’t handle the data of 100 million customers with the proper responsibility? Is the loss in customer trust enough in its own right?
