Justdial, a local search engine for different services across India reportedly last week suffered a data breach, which revealed personal details of the users. According to independent cyber-security researcher Rajshekhar Rajaharia, JustDial's data breach compromised sensitive data of 100 million users. These information included names, mobile numbers, email ids, addresses, company and occupation. UIDAI Says No Data Leaked from Its Servers.
As per the report from Economic Times, the cyber-security researcher claimed that the company is not able to fix the data breach. He also mentioned that the attack did not affect the new revamped version of the site. The researcher in a post of Facebook mentioned that the breach was able to comprise the data of the users who called company's customer care number - '88888 88888'. 617 Million Users' Data Leaked! Is Your Personal Data Safe? List of 16 Websites Sharing Your Information.
Does Anyone know the way to contact Justdial. Contacted #JustDial on 12th via ContactUs Page but no responce. #dataleak #CyberSecurity #dataprotection #GDPR #privacy #breach #CyberAttack #business #hack #Hacker #tech #technology #DigitalIndia #datasecurity #infosec #cyber pic.twitter.com/cGqexg0Zt0
— Rajshekhar Rajaharia (@rajaharia) April 16, 2019
Countering such rumours of data breach, JustDial mentioned that all sensitive information of the users are protected. The search engine also confirmed that all financial details and user passwords too are safeguarded as per industry practices. Additionally, the company clarified that majority of the platform functions on OTP-based authentication. The company has also assured an independent tech audit for identifying any such vulnerabilities.
The company stated, "The older versions of our apps, which currently cater to only a very small fraction of our users, were using certain APIs by which basis a particular mobile number entered and certain basic user details were accessible (no financial information was accessible). This vulnerability, which existed on the older app platforms, is also now fixed. Newer (current) versions of the app where majority of users are available do not have the above vulnerability."