Justdial Smacked By a Subsequent Security Breach in Two Weeks; Poor OpSec To Blame!

Justdial Smacked By a Subsequent Security Breach in Two Weeks; Poor OpSec To Blame!

Justdial is a renowned Indian hyper-local search engine
which recently became prone to two security breaches in the span of two weeks.

Only a few weeks ago, the database of all the customers of
Justdial was laid bare on the dark web and now the reviewers’ data got on the
line.
The company that has beyond 134 million QUA can’t afford to make
such reckless mistakes.
April 18th saw the private data including names,
addresses, email IDs etc. of over 100 million users which was stored in the search
engine’s database to be laid out in the open.
The organization owed the breach to an expired API which
allowed anyone to access the data of users. Major percentage of the affected included
the hotline number users.
Security researchers were the first to discover the breaches
that so thrashed Justdial. They also cited that no specific actions against them
were taken.
These claims were denied by Justdial mentioning that the data
was stored in a double-encrypted format.
The same group of researchers again found out a lacuna in
the API of Justdial on April 29th.
Herein the people who post reviews were harmed in the form
of their data being exposed.
Reportedly, the API connected to Justdial’s reviewers’ database
had been unprotected since the company’s foundation.
Hence, the reviewers’ names, mobile numbers, locations and
all became easily accessible thanks to the loophole.
But this issue was immediately fixed, according to the
reporters.
No matter what happened, the unprotected database and the
loophole contributed largely to the data breaches.
Justdial employs a humongous database and hence has large
number of data stored within it.
Weak API and poor “Operation Security” is majorly to blame
for all the breaches Justdial saw in these couple of weeks.
According to security researchers, API handlers and managers
should be employed. Also easily implemented software switch could help in
protecting the access points.
Also the first breach should have been taken seriously and
used as a means of learning to help secure the system from future attacks.
It is evident that the company needs to strengthen their
operational security and up their game in terms of securing the present
loopholes and possible lacunae.

Share this with Your friends:

Leave a Reply

Your email address will not be published. Required fields are marked *