India shipping logistics giant Shipyaari exposed customer data

Shipyaari, a Mumbai-based software company that offers shipping logistics to major consumer brands, exposed the personal data of thousands of its customers because of a months-long spill of its internal shipment information.

The exposed data, discovered by security researcher Ashutosh Barot, included Shipyaari customers’ names, addresses, phone numbers, order invoice amounts and delivery status. According to Barot, Shipyaari’s client tracking page was not password protected and could be viewed by anyone who had the web address.

“The exposed information could later be used to perform targeted social engineering attacks and financial frauds,” Barot told TechCrunch.

The researcher initially contacted Shipyaari about the exposure in October 2021, and the company promised a fix in December. Some changes were made, but they did not fix the exposure. It was eventually fixed in late July after TechCrunch reached out about the security incident.

“I appreciate Shipyaari for fixing the issue and implementing recommendations,” Barot said.

Shipyaari fixed the exposure by removing customers’ personally identifiable information (PII) from the tracking page and restricting access to the page with a one-time PIN (OTP) system. It later updated the system to limit bad actors from launching automated attacks.

“Data privacy is of utmost importance to us, and we will ensure such instances should not occur in the future,” Vishal Totla, founder of Shipyaari, said in an email response to TechCrunch.

Totla said customer PII data will no longer display on the page while loading.

Shipyaari claims to handle more than 5,000 shipments a day. The company also has over 6,000 active sellers across the country.

Barot underlined that India needed strong data privacy laws to help limit growing instances of data exposures and leaks.

Earlier this month, the Indian government withdrew the long-anticipated Personal Data Protection Bill that was promoted to bring stringent rules to help protect its citizens’ privacy. The legislation alarmed tech giants and raised concerns about how they could manage sensitive user information.
