PrivacySavvy experts discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals.
A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals.
Fortunately, the company has successfully fixed the security loopholes, but the incident shows the inadequacy of one-time passwords in protecting app users.
PrivacySavvy Labs is a group of researchers whose sole aim is to identify loopholes in the security of web applications that people use every day. They aim to keep internet users safe and aware of the threats to their digital security.
Airlift Express is among the many companies the team has evaluated and helped avoid unnecessary security issues.
OTP Vulnerability in Airlift E-commerce Store Airlift Express
Airlift is a Pakistani mass transit company that also offers online grocery services through Airlift Express. Recently, a group of researchers from PrivacySavvy Labs discovered a security bug that could enable hackers to compromise Airlift Express users. According to the researchers, this bug opens the door to brute force attacks, which hackers could use to hijack an account on Airlift Express for whatever reasons known to them.
As per the PrivacySavvy report published on March 31st, hackers could perpetrate a brute force attack successfully on Airlift because the system is still using OTPs (one-time passwords). Usually, if you forget your password but want to log into Airlift Express, the system will advise you to click on “forgot password.” Once you do this, you’ll then enter your email address or phone number to open your account using an OTP, which Airlift will send to you ..
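The report excerpt above does not say how Airlift fixed the issue. As an added example (not Airlift's or PrivacySavvy's code), the following shows the server-side controls that keep a password-reset OTP from being guessed: expiry, single use, and a cap on wrong attempts. The 6-digit length, 5-minute lifetime, 5-attempt cap and all names are assumptions.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6         # assumed code length; the page does not state Airlift's
OTP_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 5       # assumed cap on wrong guesses per issued code


class ResetOtpStore:
    """In-memory store of pending password-reset codes, keyed by account."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    def issue(self, account):
        """Create a fresh code; any earlier code for the account is replaced."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[account] = {
            "code": code,
            "expires": self._clock() + OTP_TTL_SECONDS,
            "failures": 0,
        }
        return code  # sent by SMS or e-mail, never returned in the HTTP response

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_pending_code"
        if self._clock() > entry["expires"]:
            del self._pending[account]
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(entry["code"].encode(), guess.encode()):
            del self._pending[account]  # single use
            return "ok"
        entry["failures"] += 1
        if entry["failures"] >= MAX_ATTEMPTS:
            del self._pending[account]  # burn the code; a new one must be requested
            return "locked"
        return "wrong"


def guess_success_probability(attempts_allowed, digits=OTP_DIGITS):
    """Chance that blind guessing hits a uniformly random code of this length."""
    return min(1.0, attempts_allowed / 10 ** digits)
```

With no attempt cap every code in the space can be tried, so the probability of a hit is 1.0; with the cap it is 5 in 1,000,000 per issued code. Requests for new codes need their own per-account rate limit, otherwise re-requesting resets the counter.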