JustDial data leak exposed personal details of 100 million users: IT expert

Justdial, a company that provides local search for different services in India over voice calls and internet, suffered a data breach last week that compromised the personal details of 100 million users, according to independent cyber-security researcher Rajshekhar Rajaharia.

Inc42 quoted a senior JustDial executive on Monday as saying that the company is investigating the alledged loopholes in its database and that the company's systems are foolproof.

Rajaharia said on Wednesday that user data "including name, email, mobile number, gender, dob, address, photo, company, occupation & other details are publicly accessible" on the site.

An Economic Times report on Thursday quoted the expert as saying that the company has not been able to fix the breach. He said that 70 per cent of the data was of users who called JustDial's customer care number '88888 88888'.

He told Inc42 that the link between JustDial's application and database is not protected.

Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto.

A report by news agency IANS said on Wednesday that cyber security experts have raised alarms over an 'advanced phishing attack' on IT bellwether Wipro, saying that no organisation, regardless of its size, is immune from sophisticated cyber criminals in India. The IT giant suffered an attack on its employee database. E-commerce giant Amazon faced a data leak in December last year that exposed some sellers’ private financial information to other users. Amazon India has 150 million registered users and around 4 million merchants sell on its platform.

The issue of safety of user data took centre stage after Facebook, the global social media giant, disclosed that an obscure gaming app fed users’ data to political data mining firm Cambridge Analytica without authorisation in early 2018. Data of about 87 million users, by one estimate, were left exposed.

EarlySalary, a fin-tech start-up, was the victim of a ransomware attack in October. The attacker was looking to extort ransom against data of at least 20,000 users that it had accessed from an earlier version of its website.

Food start-up FreshMenu had also faced a data breach that left exposed the personal details of 110,000 users. What irked users was that the firm admitted to the breach two years later.

At the moment, the country does not have a provision for a user, whose data has been exposed, to recover damages from companies responsible for this. A section in the draft Data Protection Bill, which is undergoing consultations and pruning, however, lays down directives for early disclosure of leaks and a mechanism to try cases pertaining to such lapses.