A security flaw in the systems of JustDial, an India-based local search services provider, left the data of around 156 million of its users vulnerable. However, the company managed to patch the bug after security researcher Ehraz Ahmed flagged the issue.
According to the researcher, the flaw could allow an attacker to access accounts without the user’s knowledge. It’s said that the bug affected JustDial’s website, mobile app, and voice platforms.
The researcher explained in a video how a hacker can use any JustDial user's phone number as the username and gain access to the account by exploiting the bug. Ahmed also revealed that the bug allows hackers to change account details for JustDial's payment option, JD Pay, allowing them to redirect all the money in the account.
“The hackers can also access your Justdial Pay account and receive funds on your behalf by entering their bank account information in the Bank Details Settings, but they cannot transfer the funds as it requires them to have access to your bank account/UPI code,” Ahmed said.
JustDial clarified that no loss of data or money has been reported as of now. “We at JustDial take security seriously. There was a bug in one of our APIs which could potentially be accessed by an expert hacker. This bug has been fixed. We work with various security researchers to strengthen our platform and would like to thank Ehraz Ahmed for bringing this out to us,” JustDial said in a statement.
According to a recent survey from technology giant IBM, the average cost of a data breach in India has grown 7.29 percent to reach Rs 12.8 crore from Rs 11.9 crore last year. According to the survey report, dubbed Cost of a Data Breach 2019, the per capita cost for a stolen record rose to Rs 5,019, an increase of 9.76 percent compared to last year.
The survey findings, which are based on in-depth interviews with 507 companies around the world, highlighted that the root cause of 51 percent of data breaches was malicious or criminal attacks, 27 percent of breaches were due to technical issues, and human error led to 22 percent of breaches in India.