Indian shipping logistics giant Shipyaari has exposed customer data – TechCrunch

Shipyaari, a Mumbai-based software company that provides shipping logistics to major consumer brands, has released the personal information of thousands of its customers over months of wasting internal shipping information.

The exposed data, discovered by security researcher Ashutosh Barot, including names, addresses, phone numbers, order invoice amounts, and delivery status of Shipyaari customers. According to Barot, Shipyaari’s customer tracking page was not password protected and could be viewed by anyone who had the web address.

“The exposed information can later be used to carry out targeted social engineering attacks and financial fraud,” Barot told TechCrunch.

The researcher initially contacted Shipyaari about the exposure in October 2021, and the company promised a resolution in December. Some changes have been made, but the exposure has not been restored. It was finally resolved in late July after TechCrunch made contact with the security incident.

“I appreciate Shipyaari for solving the problem and implementing recommendations,” Barot said.

Also Check:   Is Vittoriadream.com Legit or Scam? Know Here

Shipyaari resolved the exposure by removing customers’ personally identifiable information (PII) from the tracking page and restricting access with a one-time PIN system (OTP). Later, it updated the system to prevent malicious attacks from launching automated attacks.

“Data privacy is of the utmost importance to us and we will ensure that such cases do not occur in the future,” said Vishal Totla, founder of Shipyaari, in an email response to TechCrunch.

Totla said that customer PII data is no longer displayed on the page during loading.

Shipyaari claims to handle more than 5,000 shipments per day. The company also has more than 6,000 active sellers across the country.

Barot underlined that India needed strict data privacy laws to help curb the growing number of data exposures and leaks.

Earlier this month, the Indian government repealed the much-anticipated Personal Data Protection Act, which was promoted to introduce strict rules to help protect the privacy of its citizens. The legislation alarmed tech giants and worried about how to manage sensitive user information.

Also Check:   Is Sunglasses Outlet Legit or Scam? Know Here



This post Indian shipping logistics giant Shipyaari has exposed customer data – TechCrunch

was original published at “https://techcrunch.com/2022/08/16/shipyaari-customer-data-exposed/”

Leave a Comment