Croma, Tata Sky websites fixed after cybersecurity researcher points out flaws

Mumbai: Tata group companies Croma and Tata Sky said on Thursday that they had fixed vulnerabilities in their websites after a cybersecurity researcher pointed out how the flaws could expose sensitive personally identifiable information to scammers even without hacking.

The information — names, addresses, phone numbers and purchase history — included personal data of celebrities, popular businesspersons and doctors, among others.

The vulnerabilities were discovered by Rahil Bhansali and Ankit Pandey on December 29. Bhansali detailed the vulnerabilities in his Medium blog on Wednesday.


ET has reviewed the data but could not independently verify for how long the user information had been accessible on both the companies’ websites before the matter was resolved.

The vulnerabilities were due to problems with the application programming interfaces (APIs) at both the websites, Bhansali said in a blog post. APIs are a way of accessing data within websites and software but are normally not openly accessible.

If accessed, personal information could be easily used by cybercriminals to impersonate identities, for scamming and other commercial uses, independent security researchers said.

By using details such as name, number and purchase history, a user can be duped into renewing a warranty or applying for additional services on a fake web page, thereby securing the person’s banking or card details, said Sai Krishna Kothapalli, CEO at Hackrew. “There are many ways in which scammers can make use of such data. They can be sold or traded on the dark web as well,” he said.

Dark web refers to that area of cyberspace where content cannot be searched using normal searc ..
