A small cybersecurity company informed Policybazaar last month that it had found severe security flaws in the organization’s internet-facing network that could expose the private financial and personal information of at least 11 million customers to malicious hackers.
The unnamed firm used the typical ethical hacker strategy, which gave Policybazaar, the insurance aggregator, time to fix the bugs and notify the authorities. It said that it felt legal, in part because it had workers who were clients, but it did not get permission in advance to test Policybazaar’s technology.
On July 24, a publicly held entity Policybazaar — which counts Tencent among its investors — notified India’s stock markets that it had suffered an unauthorized breach, but “no substantial customer data was compromised.”
Flaw analysis
CyberX9’s director Himanshu Pathak said that anyone with decent computer/IT expertise could have easily found, used, and leaked all of this material.
CyberX9, a startup, is not passive. The company’s managing director wants Indians to be aware that since many extremely significant flaws were so simple to find, it appeared as though Policybazaar had purposefully left itself vulnerable to hacking by criminals.
The data also contains copies of the identification, health, and financial documents that people must present in order to obtain insurance, such
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: