A massive security loophole at Just Dial has just been discovered. The flaw, found by an independent security researcher, has the potential to give hackers unmitigated access to almost 156 million unique users across the Just Dial ecosystem, which includes its web, mobile website, app and voice platforms.
Discovered by Ehraz Ahmed, the flaw can be leveraged by a competent hacker to log into practically any Just Dial account by entering a phone number in the username field. Not only does this put the user's personal data at risk, but it could also compromise the user's social profile, since the hacker could use the system ID obtained by exploiting the flaw to access the Just Dial Pay account and post on the user's social profile.
Check out a video Ahmed shared with MoneyControl, demonstrating the flaw in detail.
This is not the first time that the platform has found itself in trouble. Earlier this year, the company faced a massive data breach in which the data of more than 100 million users, including names, e-mail addresses, mobile numbers, gender, date of birth and addresses, was made publicly available. In that case, the source of the breach was different, and it affected people who had merely called the popular 8888888888 hotline.
At that time, the company had rejected claims that its platform was insufficiently protected and had released a statement which spoke about adequate encryption. This new breach, however, appears to be yet another glaring chink in its security armor.
We are awaiting further developments around this news and will update this article as soon as something comes up. Stay tuned!