Mumbai-based company Justdial is in the headlines after once again leaking the data of 100 Mn+ users, similar to what happened in 2019. Cybersecurity researcher Rajshekhar Rajaharia discovered the flaw and shared the information in a tweet. He said that while Justdial has fixed the vulnerability that left its application programming interfaces (APIs) unprotected, the data had probably been in the open since March 2020.
What information is available?
The unprotected database contained Personally Identifiable Information (PII) such as user names, email addresses, dates of birth, and mobile numbers. Earlier, in 2019, the company claimed that the vulnerability was fixed. However, it seems that the leak was not completely fixed.
It cannot be confirmed if a rogue actor has accessed the database or not. However, a cybercriminal who is able to get his hands on the data could misuse it for cybercrime campaigns.
The company was started in 2007 as a phone-based local directory. Currently, it offers services such as bills and recharge, grocery and food delivery, and handles bookings for restaurants, cabs, flights, and events, among others. Justdial’s voice services are available across India on 8888888888, its operator-assisted hotline number, which is accessible 24 hours a day, 7 days a week with multilingual support.
It has a database of approximately 30.6 million listings as of June 30, 2021. It has 124.1 million quarterly unique users across the web, mobile, App & voice platforms as of June 30, 2021. With the registered & corporate office based in Mumbai, Justdial also has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Coimbatore, Delhi, Hyderabad, Jaipur, Kolkata, and Pune. Recently Reliance acquired a majority stake in Justdial for Rs. 3497 Crores.
Other major data breaches
Justdial is not the only company that has suffered such attacks. Recently there was a data breach at Air India, in which the data of around 45 lac people was compromised. The data breach at Domino’s was massive: 13TB of personal and financial data was publicly available.
MobiKwik also suffered a data breach, in which the data of 3.5 Mn users was leaked. The company completely denied the allegations, and in the aftermath the RBI ordered a forensic audit of it. Even government departments are not immune to such attacks. In March 2021, servers of the Maharashtra Industrial Development Corporation (MIDC) were hacked. The hacker demanded INR 500 Cr from MIDC as ransom.