A new flaw in the API of Justdial found exposing personal details of reviewers
  • This is the second time in two weeks that the search engine firm has leaked personal details of individuals.
  • The information exposed in the incident includes the reviewer’s name, mobile number, and location.

Justdial, one of the prominent local search engines in India, has come under fire for exposing the database of individuals who posted reviews on the platform. This is the second time in two weeks that the search engine firm has leaked personal details of individuals.

What happened?

On April 29, 2019, Rajshekar Rajaharia, an independent researcher, discovered a major loophole in the API of Justdial which exposed the platform's database of reviewers.

“The API connected to Justdial’s database of reviewers has been unprotected since the company’s foundation,” Rajaharia told Inc42.

Rajaharia is the same researcher who had uncovered the first loophole that exposed the personal data of over 100 million users.

What data is involved?

The information exposed in the incident includes the reviewer’s name, mobile number, and location. The expert noted that the API connected to the database was not protected with a password.

“The API connected to Justdial’s database of reviewers has been unprotected since the company’s foundation. This loophole means that reviewer’s name, mobile number, and location were publicly available on the internet,” Rajaharia added.

What actions have been taken?

Upon learning of the incident, Justdial was quick to take remedial steps. The firm has fixed the issue that led to the data breach.

In response to a query by Inc42, a Justdial spokesperson has said that all sensitive information including financial information belonging to customers has been protected as per industry practices.

Cyware Publisher
