Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet
Apr 17, 2019
An unprotected database belonging to JustDial , India's largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy "88888 88888" customer care number, The Hacker News has learned and independently verified. Founded over two decades ago, JustDial (JD) is the oldest and leading local search engine in India that allows users to find relevant nearby providers and vendors of various products and services quickly while helping businesses listed in JD to market their offerings. Rajshekhar Rajaharia , an independent security researcher, yesterday contacted The Hacker News and shared details of how an unprotected, publicly accessible API endpoint of JustDial's database can be accessed by anyone to view profile information of over 100 million users associated with their mobile numbers. The leaked data includes JustDial users' na...