The flaw was reported by a security researcher Ehraz Ahmed
The interconnected relationship between internet and various organizations which can also be termed as e- organizations has its pros as well as cons. Data leaks and security is one of the major negative aspects here. A critical security flaw was found on Justdial, which could enable hackers to access sensitive account information of 156.1 million users on the platform. Justdial has claimed that they have fixed the flaw now.
The flaw was reported by a security researcher Ehraz Ahmed, via MoneyControl.com who disclosed the vulnerability of this security flaw. The flaw could return an access token, system ID (SID) and user ID (UID). The SID would then be used to access the account and another accounts linked to it while the UID would enable hackers to post on the user’s Justdial Profile.
“Hackers and telemarketers can mine the data of JustDial by automating a script using a phone number dump found online,” Ahmed wrote on his blog. Additionally he said, “The hackers can also access your Justdial Pay account and receive funds on your behalf by entering their bank account information in the Bank Details Settings, but they cannot transfer the funds as it requires them to have access to your bank account/UPI code.”
Accessing a Justdial account also gives access to the Justdial Pay account and its settings can be modified to redirect funds to another bank account which is a matter of worry. However, transferring existing funds to another account is not possible since an account or UPI pin is required to confirm the transaction.
Stay tuned for more updates.
