Data Breach at DavaIndia Exposes Customer Orders and Admin Controls Across 883 Stores
DavaIndia Pharmacy Security Vulnerability Exposes Sensitive Customer Data
A significant security vulnerability at DavaIndia Pharmacy, a prominent retail pharmacy chain in India, exposed sensitive customer data and administrative controls, posing serious risks to patient privacy and safety.
Vulnerability Details
The flaw was discovered by a security researcher, who found that insecure application programming interfaces (APIs) on the company’s website allowed unauthorized users to create “super admin” accounts, granting them full control over the platform.
Risks and Implications
The exposure of customer data carried heightened risks because pharmacy purchases are sensitive: they can reveal health conditions or treatments.
The researcher reported that the administrative interfaces appeared to have been accessible since late 2024, suggesting that the flaw may have remained undetected for months.
