A recent report states that Justdial, one of the largest service companies in India, has suffered a data breach that led to the exposure of confidential records of more than 100 million users. According to researcher Rajshekhar Rajaharia, the information remained exposed since March 2020.
Starting as a local phone-based directory, Justdial offers bill services, top-ups, grocery delivery, reservation system management, taxis, airline tickets and other services.
The leak consists of records of users’ personal information, including usernames, email addresses, phone numbers and dates of birth. This incident appears to be related to a flaw detected in 2019 by Justdial’s teams and which was apparently not properly addressed.
As in other similar incidents, the detection of the unprotected database does not mean that the threat actors have accessed the exposed information; however, it does imply the risk that this information will eventually be used to deploy massive phishing campaigns. The company has not issued any statements on the matter, although it has already received multiple requests for information.
Justdial is not the only company operating in India that has been the victim of similar incidents recently. Last May, pizza chain Domino’s India suffered a massive leak of information; the compromised data was eventually put up for sale on a dark web forum.
At the time, threat actors claimed to have extracted nearly 13 TB of confidential information held by Domino’s India. These confidential records included names, email addresses, phone numbers and location details.
Another major data breach this year impacted MobiKwik’s systems, which denied claims about a data breach that impacted 100 million users. It is mentioned that this information would be for sale on the dark web, although so far nothing has been confirmed about it.
For further reports on vulnerabilities, exploits, malware variants, cybersecurity risks and information security courses fell free to visit the International Institute of Cyber Security (IICS) websites, as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.