A critical security vulnerability in the web admin dashboards of DavaIndia Pharmacy, a major player in India’s pharmaceutical sector, has exposed sensitive customer data and internal systems, raising concerns over data privacy and cybersecurity. According to TechCrunch, the flaw allowed unauthorized access to a trove of online pharmacy orders, including customer details, product listings, pricing data, and drug-prescription requirements.
Security researcher Eaton Zveare discovered that the flaw enabled outsiders to exploit ‘super admin’ privileges, granting them full control over the platform. The incident, now rectified, underscores the importance of robust cybersecurity measures in safeguarding sensitive data. With DavaIndia Pharmacy rapidly expanding its retail footprint, the exposure of nearly 17,000 online orders and administrative controls across hundreds of stores highlights the scale of the security oversight.
Such vulnerabilities could have severe repercussions, potentially leading to misuse of private health information, unauthorized modifications to product details, and even website defacement. The accessibility of this data since late 2024 emphasizes the critical need for continuous monitoring and prompt mitigation of security risks in digital platforms.
Source: TechCrunch