Newsbytes
    Critical bug in Justdial exposed more than 156 million accounts

    Written by Shubham Sharma
    Last updated on Oct 10, 2019, 05:28 pm
  • In a major incident, India's famous search app, Justdial, has exposed personal account details of over 156 million users.

    It suffered from a bug that allowed anyone to log into user accounts and access the information they contained - names, phone numbers, email addresses, and more.

    Here's all about the issue and how it occurred.

  • Issue

    App caught leaking personal account information

  • First discovered by security researcher Ehraz Ahmed and flagged by MoneyControl, the issue existed in the Justdial app and opened access to all accounts on the service.

    This meant a hacker aware of the vulnerability would have been able to leverage it to break into anyone's Justdial account, steal their personal information (name/number/email), and use the services provided by Justdial in their name.

  • Impact

    Financial transactions also revealed by the bug

  • As the bug opened access to anyone's Justdial account, the financial data associated with Justdial Pay, the company's payment service, was also exposed.

    However, luckily enough, it only exposed the balance and transactions made on Justdial Pay, not the payment or credit/debit card details of the users.

    That information remains masked in payment services, including the one operated by Justdial.

  • Issue

    Issue in the Register API of the service

  • According to Ahmed, the issue was detected in the Register API of Justdial - available across the web, mobile, and desktop - and can be exploited by entering a number in the username parameter.

    He said that when a phone number was entered this way, the service gave away an access token, system ID (SID) and user ID (UID), enabling direct access to the targeted account.

  • Response

    Justdial claimed no data has been stolen

  • After Ahmed's disclosure and demonstration of the vulnerability, Justdial acknowledged the API bug but claimed that the issue has not been exploited to steal personal or financial data of the users.

    "We at Justdial take security seriously," the company told MoneyControl, adding that the bug in question could have been exploited by an expert hacker but has been fixed now.
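
The Register API behaviour described above, reduced to an added sketch that is not Justdial's code: a registration handler that returns credentials for any supplied number, beside a two-step form that issues them only after the number's owner proves possession. The in-memory store, function names, response fields and `send_sms` callback are all hypothetical.

```python
import hmac
import secrets

# Constructed sample data: one existing account keyed by phone number.
USERS = {"9000000001": {"uid": "u-1001", "sid": "s-42"}}
PENDING_OTP = {}  # phone -> one-time code awaiting verification


def _issue_session(phone):
    """Create (or load) the account and mint session credentials."""
    user = USERS.setdefault(
        phone, {"uid": "u-" + secrets.token_hex(4), "sid": "s-" + secrets.token_hex(2)}
    )
    return {"token": secrets.token_urlsafe(32), "sid": user["sid"], "uid": user["uid"]}


def register_flawed(username):
    """Flawed pattern: credentials returned for whatever number is supplied."""
    return _issue_session(username)


def register_start(username, send_sms):
    """Hardened step 1: send a code to the number, reveal nothing to the caller."""
    otp = f"{secrets.randbelow(10**6):06d}"
    PENDING_OTP[username] = otp
    send_sms(username, otp)          # delivered out of band to the phone's owner
    return {"status": "otp_sent"}    # identical for new and existing numbers


def register_verify(username, otp):
    """Hardened step 2: credentials only after proof of possession of the number."""
    expected = PENDING_OTP.pop(username, None)  # single use, even on failure
    if expected is None or not hmac.compare_digest(expected, otp):
        return {"status": "denied"}
    return {"status": "ok", **_issue_session(username)}
```

A production version would also expire pending codes and rate-limit both steps per number and per client.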
