Last Friday, security researcher Rajshekhar Rajaharia was at home, surfing the web. He landed on the website of Justdial, a provider of local search for different services.
Rajaharia works with several law enforcement agencies to solve cyber security cases. He immediately realised something was wrong. He found the APIs (application programme interfaces) of the tablet version of Justdial’s website was exposed — this made the personal information of 100-odd million users ‘publicly accessible’.
This included information such as names, e-mail IDs, mobile numbers, genders, dates of birth, addresses, photos and occupations of the users. “Anyone having access to it (APIs) can grab all the data,” Rajaharia told Business Standard. “I immediately tried to reach the firm to alert them, but didn’t get a response immediately.”
TO READ THE FULL STORY, SUBSCRIBE NOW NOW AT JUST RS 249 A MONTH.
Subscribe To Insights
Key stories on business-standard.com are available to premium subscribers only.Already a BS Premium subscriber? Log in NOW
What you get on Business Standard Premium?
- Unlock 30+ premium stories daily hand-picked by our editors, across devices on browser and app.
- Pick your 5 favourite companies, get a daily email with all news updates on them.
- Full access to our intuitive epaper - clip, save, share articles from any device; newspaper archives from 2006.
- Preferential invites to Business Standard events.
- Curated newsletters on markets, personal finance, policy & politics, start-ups, technology, and more.