ADVERTISEMENT
Researcher detects security flaw in Pepperfry portal
DH Web Desk
Last Updated IST
The security flaw was detected by security researcher Ehraz Ahmed who said that the bug could allow a user to log into another user’s account and/or create a new account. (Image for Representation)
The security flaw was detected by security researcher Ehraz Ahmed who said that the bug could allow a user to log into another user’s account and/or create a new account. (Image for Representation)

Pepperfry, an online furniture store detected a bug that allowed users to sign into another registered user's account, according to a Moneycontrol report.

The security flaw was detected by security researcher Ehraz Ahmed who said that the bug could allow a user to log into another user’s account and/or create a new account.

The 'Internal Authentication' Application Program Interface (API) had a flaw which resulted in allowing users to auto-login. The bug also revealed personal information of users such as their name, address, contact number etc., and allowed hackers to hack the website and change user's first and last name.

ADVERTISEMENT

Pepperfry said that such flaws are usually fixed within an hour. "Protecting customer data is of the utmost priority for us. In order to maintain a secure platform as technologies and cyber threats evolve, we conduct security audits, regularly update our security protocols, do not store any customer financial details on our platform and also work with the ethical hacking community to identify and fix any potential issues. We typically fix a vulnerability within a few hours of it being identified," Pepperfry said to Moneycontrol.

ADVERTISEMENT
(Published 07 September 2019, 10:57 IST)