21-06-23, 02:40 PM
(This post was last modified: 14-07-23, 12:12 PM by @Prometheus69.)
Quote:After facing a potential data leak in 2019, Justdial is once again in the news for a similar vulnerability in its database that exposed sensitive personally identifiable information of over 100 Mn users, according to cybersecurity researcher Rajshekhar Rajaharia, who had also flagged the earlier flaw in 2019. While Justdial has fixed the vulnerability that left its application programming interface (APIs) unprotected, the data has seemingly been in the open since March 2020, Rajaharia added.
The unprotected database contained PII data such as names of users, their email addresses, mobile numbers and dates of birth of users. This is the same vulnerability that was reported in 2019, which was later fixed by Justdial. However, it seems that the leak was not fixed completely as indicated by this latest incident.
Quote:With more than 25 verticals on its website, Justdial started as a phone-based local directory. The company currently offers services such as bills and recharge, grocery and food delivery, and handles bookings for restaurants, cabs, movie tickets, flight tickets, events and more.
![[Image: raja-1.png]](https://inc42.com/wp-content/uploads/2021/07/raja-1.png)
Quote:
