A security researcher uncovered a database belonging to JustDial that was exposed online without any password protection.
Why it matters – The unprotected database exposed the personal information of almost 100 million users who accessed the service via its website, mobile app, or by calling its customer care number.
What was exposed – The exposed data includes JustDial users’ names, email addresses, mobile numbers, location addresses, genders, dates of birth, photos, designations, company names, and more.
Big picture to a this-An independent security researcher named Rajshekhar Rajaharia uncovered an unprotected database belonging to JustDial.
“#justdial Your 100 Million users data including name, email, mobile, gender, dob, address, photo, company, occupation & other details are publicly accessible. Fix ASAP. DM for Detail,” Rajaharia tweeted.
Upon discovering the leaky database, the security researcher contacted JustDial via its contact page to notify about the database, however, received no response. Rajaharia then contacted the hacker news and shared the details of the unsecured database.