A security lapse by one of India's largest pharmacy chains allowed outsiders to gain full administrative control of its platform, exposing customer order data and sensitive drug-control functions, TechCrunch has exclusively learned. The issue affected DavaIndia Pharmacy, the pharmacy arm of Zota Healthcare, which operates a large network of retail outlets across India. Security researcher Eaton Zveare told TechCrunch that he discovered the flaw after identifying insecure 'super admin' application programming interfaces on DavaIndia's website and privately shared details with Indian cybersecurity authorities. The exposure comes as Zota Healthcare rapidly scales DavaIndia Pharmacy's retail business. The Gujarat-headquartered company operates more than 2,300 DavaIndia stores across India, including 276 new outlets announced in January, and plans to add another 1,200 to 1,500 over the next two years. With that level of access, an attacker could view thousands of online orders containing...
learn more
