Justdial faced a data breach leaking over 100 million users’ data including name, email, mobile number, gender, date of birth, photo, company and occupation, among others, reports the Economic Times, citing an independent security researcher. Over 70% of the data belonged to users who called Justdial’s “8888888888” number. According to the researcher, even data of non-registered users who called this number may have been leaked. Four API interfaces were left exposed for years, and the company has still not fixed the issue. The newer version of Justdial’s website remains protected from the breach, per the report.
Several private companies have leaked personal data of users recently:
- PayU: Last month, it was discovered that PayU was leaving users’ credit and debit card information exposed on its dashboard. PayU said its use of information on saved cards is encrypted and all users have to mandatorily go through CVV and OTP authentication to complete transactions.
- Ixigo: 18 million records from travel bookings site Ixigo were breached in February, as part of a larger data breach affecting 127 million user records across 8 companies. Ixigo’s leaked user data included password hashes, full name, IP address, username, email, Facebook URL, and the passport ID number and the names of some users.
- Quora: Data of 100 million users were breached in December last year after its systems were compromised by a malicious third party.
- Marriott: Hackers accessed up to 500 million customer records in Marriot Hotels’ Starwood reservation system in an attack which began four years ago. The exposed data included payment details and account information, among other things.