Exclusive: Security breach on Pepperfry exposes details of users; now plugged


A major security flaw was detected on online furniture store Pepperfry’s website, which could have allowed users to sign in to another registered user’s account. Pepperfry has claimed that the bug was fixed within an hour of being detected.

Security researcher Ehraz Ahmed found the bug on Pepperfry’s website that could have led to the security flaw. Speaking exclusively to Moneycontrol, Ahmed said that the bug could allow a user to log into another user’s account and/or create a new account for any user who does not already exist.

The flaw was in the website’s ‘Internal Authentication’ Application Programming Interface (API), which allowed users to auto-login. The same API exposed users’ personal information, such as their name, address and contact number.


The same bug led to another security flaw that allowed a hacker to change the first and last name of a Pepperfry user, Ahmed claimed.

Moneycontrol reached out to Pepperfry to confirm if there was a flaw and the company said: “Protecting customer data is of utmost priority for us. In order to maintain a secure platform as technologies and cyber threats evolve, we conduct security audits, regularly update our security protocols, do not store any customer financial details on our platform and also work with the ethical hacking community to identify and fix any potential issues. We typically fix a vulnerability within a few hours of it being identified.”

The company added that the bug was found and fixed within an hour and that there was no loss of any information, nor was the information of any user at risk.

The bug could have potentially affected over 2 million Pepperfry users had it not been addressed in time. Such flaws have earlier led to massive data leaks in which users' personal information was exposed.


2019-09-09 01:52:21
