IT security researchers at CloudSEK have reported that millions of mobile app users could have had their private and payment data exposed due to API security vulnerabilities discovered in several applications.
The report revealed that around ten mobile apps using the Razorpay payment gateway exposed secret transaction keys. This jeopardizes users’ data safety and makes them vulnerable to a wide range of attacks.
For your information, Razorpay is a widely used platform, serving over 8 million businesses across the globe.
A Case of Mishandled APIs
CloudSEK revealed in its report titled ‘Exposed Payment Integration API Keys Imperil Millions of User’s Transaction Details and PII’ that around 13,000 apps were uploaded to its BeVigil security search engine. Out of these, nearly 250 apps used the Razorpay API for processing financial transactions. Around 10 (5%) of these apps exposed the payment integration key ID and key secret.