Friday, August 6, 2021
Home Technology LazyPay Users’ Sensitive Data Could Have Been Revealed by a Security Flaw

LazyPay Users’ Sensitive Data Could Have Been Revealed by a Security Flaw


LazyPay, the digital credit platform by Netherlands-based fintech company PayU, was found to have a security flaw that could have allowed hackers to obtain user data such as their full name, gender, date of birth, and phone number, according to a security researcher. He said that the issue was resolved quickly after it was reported to PayU, and the company confirmed the vulnerability but told Gadgets 360 that there was no user data leaked. However, LazyPay has not informed its users about the flaw and its fix.

Bengaluru-based Ehraz Ahmed discovered the vulnerability in LazyPay. He stated that the flaw allowed attackers to fetch sensitive user information by using the phone number of any registered users on the platform.

Upon getting the phone number, an attacker could get data such as the full name, gender, date of birth, postal address, profile picture, primary and secondary email addresses, and know-your-customer (KYC) status, Ahmed explained in a blog post.

He added that the issue was vulnerable as a hacker with minimal programming skills could easily create a program to fetch a series of phone numbers and pass them to the unsecured API to extract sensitive user information in an automated way. The researcher told Gadgets 360 that he found the flaw by tricking one of the API endpoints provided by LazyPay to third-party developers.

Shortly after finding the vulnerability in October, Ahmed reached out to LazyPay parent PayU. The company acknowledged the issue and responsibly fixed it right away. Ahmed reached out to Gadgets 360 with the details about the flaw in late May. After understanding the issue, we communicated with PayU to get further clarity on the matter.

A PayU spokesperson the flaw and also assured Gadgets 360 that its fix was already in place.

“PayU takes the security of our systems and our data very seriously,” the spokesperson said. “We are continuously running checks to ensure that our payment systems are safe and secure for everyone to access and use. The incident with regard to the security gap with LazyPay which was reported in the month of October was immediately resolved. There was no leak of customer information due to this incident.”

The company, however, did not inform its customers directly about the incident that had put their personal data at risk.

Launched back in 2017, LazyPay comes as a “buy now, pay later” offering by PayU to let customers make repayments for their orders online via instalments. The platform is claimed to be accepted across over 250 websites and apps, including BookMyShow, Flipkart, MakeMyTrip, and Swiggy.

LazyPay also offers personal loans up to Rs. 1 lakh through a digital process. Customers signing up on the platform are required to provide their photo ID proofs such as PAN or Aadhaar, alongside their bank details, and a selfie.


Interested in cryptocurrency? We discuss all things crypto with WazirX CEO Nischal Shetty and WeekendInvesting founder Alok Jain on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.



Source link

RELATED ARTICLES

10 quick tips of using Social Media to grow your business online!

Online Social Media Networks are the fastest growing channels. According to a latest report, Internet is about to hit 2 billion users by the...

4 Reasons you should buy an R4 karte

You can certainly do wonders with your Nintendo DS gaming console when you have the R4 karte available to be used with it. If...

For What Reason The Laptops Are Significant?

Innovation is progressing quickly in this day and age. PCs are turning out to be increasingly more significant these days - essentially...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Read these three books to master the art of money management

The three non-fiction books listed below have all the necessary information to turn you into a money management pro. You can find...

3 Reasons to Implement the Organic and White-hat SEO Optimization Techniques

The SEO optimization techniques are being implemented by a large number of businesses and advertisers to attract online visitors to their professional websites. Most...

Factors You Must Know About Minimum Amount Due In Credit Card

The purchase of some costly items has made it easy for us with the use of credit cards. But the card owners...

Decorate Your Fireplace With The Best Wood Logs For Sale

The fireplace is one of the primary focal points of holiday celebrations and get-togethers. You must buy the firewood in Sydney that’s...

Recent Comments