Data breach at JustDial leaks 100 million user details

Bengaluru: Local search service JustDial faced a data breach on Wednesday, with data of more than 100-million users, including names, email ids, mobile numbers, gender, date of birth and addresses publicly available, an independent security researcher said in a Facebook post.

Fintech startup EarlySalary, Paytm, travel firm Ixigo, foodtech company FreshMenu and Zomato have faced similar breaches of customer data in the past.

Rajshekhar Rajaharia, who uncovered the breach, said that 70% of the data was of users who called JustDial's customer care number "88888 88888".

"Even if one would not have used their app or website, if you ever called their customer service, your data may have been leaked," he said, adding that the breach happened through an older version of JustDial's website which was unattended since mid-2015.

Four application programme interfaces (APIs) had remained unprotected over these years, Rajaharia said. "The company reached out to me today, but has been unable to fix the issue completely as the data is still accessible."

An emailed query sent to JustDial remained unanswered till press time.

The newer version of JustDial's website, which was revamped a few months ago, remained protected from the breach, said Rajaharia.

Mumbai-based JustDial is an online directory for services and also offers facilities such as bill payments and recharges, grocery and food delivery, along with handling bookings for restaurants, cabs and movie tickets.