A major flaw in an Indian local search app, Justdial, allowed hackers to log in to the accounts of any of its 156 million users. Apart from exposing user information such as names, phone numbers, and email addresses, the vulnerability allowed them to view financial details, including an account's balance and transactions, through JustDial Pay, the company’s payment service. First reported by MoneyControl, the bug was discovered by security researcher Ehraz Ahmed last month. The attack exploited the site’s Register API, which is used for sign-ups. A video posted by Ahmed shows that a hacker can use a person’s phone number as user name and…
This story continues at The Next Web