The logistics firm exposed the personal information of thousands of customers due to a breach in its internal shipment data
Since the leak was first discovered in late 2021, Shipyaari has addressed it
The leaked Shipyaari data contained customers' names, addresses, telephone numbers, order invoices and delivery status
Mumbai-based logistics firm Shipyaari, which provides logistics services to D2C companies, exposed the personal details of its customers.
According to a TechCrunch report, the logistics company leaked the information of thousands of customers as a result of a flaw in its internal shipment details system that had been in place for months. The leak was discovered by Indian security researcher Ashutosh Barot.
The leaked Shipyaari data contained customers' names, addresses and telephone numbers, along with order invoice details and delivery information. Because the customer tracking page wasn’t password-protected, anybody could access the same information using the web address, Barot noted.
“The exposed data could be used later to carry out specific social engineering attacks or fraudulent financial transactions,” Barot told TechCrunch.
Requests sent by Inc42 to Barot and Shipyaari did not receive any response.
Since the leak was first detected in late 2021, Shipyaari has addressed the problem. The logistics giant has removed all personally identifiable information (PII) from its tracking site and put the site behind a secure wall that requires an OTP to gain access.
In general, logistics companies allow customers to view package tracking information using only an order reference number or invoice number. However, it is normal practice not to show PII on any tracking page.
Founded in 2013 by Nayan Ratandhyara and Vishal Totla, Shipyaari claims to cover more than 25,000 pin code addresses and to manage 5,000 daily shipments. Shipyaari’s website states that it has partnered with more than 6,000 sellers in the United States.
India has had plenty of data leaks in the past few years, but none were as damaging and poorly dealt with as the MobiKwik data leak of last year. It affected more than 100 million users and was the biggest ever within the Indian startup industry.
Not only did MobiKwik threaten Rajshekhar, the researcher who pointed out the leak, but it also claimed that the breach was not a problem and blamed the leak of customer data on the customers themselves.
MobiKwik, however, was not the only company to suffer a data leak last year. Since November 2020, data leaks at LimeRoad, BigBasket, Zee5, Chqbook, Upstox and Bizongo saw the data of more than 37.5 million customers released.
However, Domino’s India was the site of a massive data leak in the year 2000, when data relating to more than 180 million orders was leaked on the dark web.
India has been developing the Personal Data Protection Bill since 2017. However, the government put it on hold following a backlash from different business sectors. The government gave a variety of reasons for pulling it back, such as the increased compliance burden for startups, and is currently developing an updated bill.