JOIN USResearcher detects security flaw in Pepperfry portal
Pepperfry, an online furniture store detected a bug that allowed users to sign into another registered user's account, according to a Moneycontrol report.
The security flaw was detected by security researcher Ehraz Ahmed who said that the bug could allow a user to log into another user’s account and/or create a new account.
The 'Internal Authentication' Application Program Interface (API) had a flaw which resulted in allowing users to auto-login. The bug also revealed personal information of users such as their name, address, contact number etc., and allowed hackers to hack the website and change user's first and last name.
Pepperfry said that such flaws are usually fixed within an hour. "Protecting customer data is of the utmost priority for us. In order to maintain a secure platform as technologies and cyber threats evolve, we conduct security audits, regularly update our security protocols, do not store any customer financial details on our platform and also work with the ethical hacking community to identify and fix any potential issues. We typically fix a vulnerability within a few hours of it being identified," Pepperfry said to Moneycontrol.