JustDial data leak exposed personal details of 100 million users: IT expert

Cyber-security researcher Rajshekhar Rajaharia claims that user data ‘including name, email, mobile number, gender, dob, address, photo, company, occupation & other details’ are publicly accessile

Technology News: Justdial, a company that provides local search for different services in India over voice calls and internet, suffered a data breach last week that compromised the personal details of 100 million users, according to independent cyber-security researcher Rajshekhar Rajaharia.

Inc42 quoted a senior JustDial executive on Monday as saying that the company is investigating the alledged loopholes in its database and that the company’s systems are foolproof. Rajaharia said on Wednesday that user data “including name, email, mobile number, gender, dob, address, photo, company, occupation & other details are publicly accessible” on the site. An Economic Times report on Thursday quoted the expert as saying that the company has not been able to fix the breach. He said that 70 per cent of the data was of users who called JustDial’s customer care number ‘88888 88888’.

He told Inc42 that the link between JustDial application and database is not protected. Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto.

A report by news agency IANS said on Wednesday that cyber security experts have raised alarms over an ‘advanced phishing attack’ on IT bellwether Wipro, saying that no organisation, regardless of its size, is immune from sophisticated cyber criminals in India. The IT giant suffered an attack on its employee database. E-commerce giant Amazon faced a data leak in December last year that exposed some sellers’ private financial information to other users. Amazon India has 150 million registered users and around 4 million merchants sell on its platform.

The issue of safety of user data took centre stage after Facebook, the global social media giant, disclosed that an obscure gaming app fed users’ data to political data mining firm Cambridge Analytica without authorisation in early 2018. Data of about 87 million users, by one estimate, were left exposed.