Tech

Policybazaar Security Vulnerabilities Personal Details of Customers, Defense Personnel: Report


Vulnerabilities in the systems of online insurance broker Policybazaar have led to the disclosure of personal information of thousands of customers, including defense personnel, a cybersecurity research firm announced today. Wednesday. CyberX9 said Aadhaar and PAN card details as well as customer addresses and phone numbers were exposed due to a security vulnerability and the issue was reported to Policybazaar on July 18.

On July 24, Policybazaar notified the stock exchanges that they have noticed gap on July 19, and no critical customer data was exposed.

When contacted on Wednesday, a spokesperson for Policybazaar referred to the filing to stock exchanges made on July 24 and said the identified vulnerabilities had been fixed once. valid manner as confirmed by an external advisor.

“A thorough forensic examination of the incident has been initiated with outside advisers. The case has been covered by the media. We have nothing to add,” the spokesperson said in a statement. declare.

PB Fintech parent of online broker listed on stock exchanges.

In its report, CyberX9 claims Policybazaar has disclosed all confidential and sensitive personal information, including information of Aadhaar, Pan card and the passports of millions of customers.

It also claims that the vulnerabilities in Policybazaar’s system potentially exposed the data of 56.4 million people who transacted on the platform.

“Information displayed throughout the Internet includes but is not limited to, customer’s full name, date of birth, full residential address, email address, mobile phone number, policy details, including details of the nominee, the user’s bank account statement, income tax return documents, passport, Aadhaar card, PAN card, etc”, it said.

In the case of defense personnel, information such as their designation, posting location and activities in which they participated was disclosed, the report asserts.

After notifying Policybazaar of the vulnerabilities on July 18, CyberX9 reported the incident to the cybersecurity watchdog. Cert-In on July 24th.

“Cert-In confirmed to us on July 25 that Policybazaar has now acknowledged and fixed the reported vulnerabilities and asked us to double check whether the vulnerabilities have been fixed,” the report said. know.

CyberX9 said it also sent a report to National Cyber ​​Security Coordinator Rajesh Pant, who promised to launch action against Policybazaar.

“Rajesh Pant promptly refunded us after going through the information we shared, they thanked us for the information and informed us that they would initiate action against Policybazaar.” , the report said.

An email question sent to Pant regarding this issue remains unanswered.

“At the end of our analysis, we have come to the conclusion that it is highly likely that Policybazaar may have these vulnerabilities that are intentional backdoor vulnerabilities that could allow the Chinese government to access sensitive data. sentiments of Indian citizens and especially defense personnel,” alleged CyberX9.

Based in China Tencent is one of the investors in Policybazaar.




Source link

news7f

News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button