Indian local search service JustDial is facing a data breach of more than 100 million users which included the exposure of data such as names, email IDs, mobile numbers, gender, date of birth, and addresses. Founded over twenty years ago, JustDial (JD) is India’s oldest and leading local search engine for various services.
The man who discovered the breach, Rajshekhar Rajaharia, has said that 70 percent of the data was from users who merely called JustDial’s customer care number. According Rajaharia, an unprotected, publicly accessible API endpoint in the database can be accessed by anyone to view the users’ profile information.
“Even if one would not have used their app or website, if you ever called their customer service, your data may have been leaked.”
BENGALURU: Local search service JustDial faced a data breach on Wednesday, with data of more than 100 million users, including names, email ids, mobile numbers, gender, date of birth and addresses publicly available, an independent security researcher said in a Facebook post. Fintech startup EarlySalary, travel firm Ixigo, foodtech company FreshMenu and Zomato have faced similar breaches of customer data in the past. Rajshekhar Rajaharia, who uncovered the breach, said that 70% of the data was of users who called JustDial’s customer care number “88888 88888". “Even if one would not have used their app or website, if you ever called their customer service, your data may have been leaked,” he said, adding the breach happened through an older version of JustDial’s website which was unattended since mid-2015.