India’s Largest Pharmacy Chain Faces Major Security Breach, Potential Customer Data Leak Raises Concerns

DavaIndia Pharmacy Faces Major Security Vulnerability: A Call for Enhanced Cybersecurity

Summary:

  • DavaIndia Pharmacy, a leading pharmacy chain in India, experienced a significant security vulnerability allowing unauthorized access to sensitive customer and order information.
  • The flaw, identified by security researcher Eaton Zveare, arose from an unprotected “Super Administrator” API interface, permitting unauthorized account creation.
  • Although the vulnerability was patched swiftly, concerns about customer data sensitivity and the potential for exploitation remain high.

On February 14, reports emerged regarding a serious security vulnerability at DavaIndia Pharmacy, one of India’s largest pharmacy chains with more than 2,300 stores nationwide. This critical flaw allowed external parties to gain the highest administrator rights on the platform, compromising access to customer order data and essential drug management functions.

DavaIndia Pharmacy has been on an aggressive expansion trajectory, having opened 276 new stores in January alone and planning to launch an additional 1,200 to 1,500 locations over the next two years. However, this expansion highlights the urgent need for robust cybersecurity measures to protect sensitive customer information.

Eaton Zveare, the security researcher who uncovered the vulnerability, identified an unprotected "Super Administrator" API interface. This flaw was reported to the Indian Cyber Security Department, and measures have since been taken to rectify the issue.

The Scope of the Vulnerability

The security lapse arose from a significant lack of authentication within the backend management interface. This absence allowed unauthorized users to create “super administrator” accounts with extensive privileges. Upon gaining these permissions, attackers could:

  • Access thousands of online orders, revealing sensitive customer details.
  • Modify product information and pricing.
  • Create discount coupons and alter prescription requirements for drugs.

Timestamps in the affected system indicate that the vulnerable interface had been operational since late 2024, affecting nearly 17,000 orders across 883 stores. This level of access could also allow manipulation of website content, creating a risk of page tampering and business disruption.
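The class of flaw described above, an admin account-creation route with no access policy, can be caught by a route audit and contained by a dispatcher that fails closed. The following sketch is an added example, not DavaIndia's code; every route path, role name and token in it is constructed for illustration.

```python
# Added illustration: routes, roles and tokens are constructed, not DavaIndia's.
from dataclasses import dataclass
from typing import Callable, Optional

ROLE_RANK = {"customer": 1, "store_admin": 2, "super_admin": 3}

@dataclass(frozen=True)
class Route:
    method: str
    path: str
    handler: Callable[[dict], dict]
    min_role: Optional[str] = None   # None means no access policy was declared

def create_admin(body: dict) -> dict:
    return {"created": body["email"], "role": body.get("role", "store_admin")}

def list_products(body: dict) -> dict:
    return {"products": []}

SESSIONS = {"tok-super": "super_admin", "tok-cust": "customer"}  # token -> role
PUBLIC_ALLOWLIST = {("GET", "/api/products")}  # the only routes allowed without auth

def audit(routes):
    """List routes that declare no role and are not explicitly public."""
    return [f"{r.method} {r.path}" for r in routes
            if r.min_role is None and (r.method, r.path) not in PUBLIC_ALLOWLIST]

def dispatch(routes, method, path, token=None, body=None):
    """Deny-by-default dispatcher; returns (status, payload)."""
    route = next((r for r in routes if (r.method, r.path) == (method, path)), None)
    if route is None:
        return 404, {}
    if (method, path) not in PUBLIC_ALLOWLIST:
        if route.min_role is None:   # an undeclared policy fails closed
            return 403, {"error": "route has no access policy"}
        role = SESSIONS.get(token)
        if role is None:
            return 401, {"error": "authentication required"}
        if ROLE_RANK[role] < ROLE_RANK[route.min_role]:
            return 403, {"error": "insufficient role"}
    return 200, route.handler(body or {})

# Weak table: the account-creation route carries no role requirement.
WEAK = [Route("GET", "/api/products", list_products),
        Route("POST", "/api/admin/users", create_admin)]
# Corrected table: the same route requires the highest role.
FIXED = [Route("GET", "/api/products", list_products),
         Route("POST", "/api/admin/users", create_admin, "super_admin")]
```

Running `audit()` in CI against the real route table turns a forgotten policy into a build failure instead of a production exposure.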

Sensitivity of Customer Data

Given that pharmacy orders often concern personal health information and medication records, the data involved in this breach is significantly more sensitive than general consumer information. Zveare emphasized, “Customer information is directly linked to the order, encompassing names, phone numbers, email addresses, mailing addresses, payment amounts, and purchased items. For some consumers, the medication acquired may pertain to private or even embarrassing circumstances.”

Reporting and Resolution

Zveare reported the vulnerability to India’s national cyber emergency response agency, CERT-In, in August 2025. The issue was patched within weeks, yet the formal acknowledgment from DavaIndia came only at the end of November. Fortunately, researchers indicated there were no signs that the flaw had been exploited before its resolution.

The Importance of Cybersecurity in Healthcare

This incident at DavaIndia Pharmacy underscores the critical need for comprehensive cybersecurity strategies, especially within sectors handling sensitive information. As pharmacy chains expand their digital footprint, they must prioritize safeguarding customer data against potential threats.

Companies in the healthcare domain must collaborate with cybersecurity experts to adopt best practices, ensuring that vulnerabilities are swiftly identified and mitigated. Continuous monitoring of systems and regular audits can play vital roles in maintaining the integrity of customer data.

Conclusion

DavaIndia Pharmacy’s experience serves as a cautionary tale about the implications of cybersecurity vulnerabilities within the healthcare sector. As they continue to grow, it is imperative that they enhance their cybersecurity frameworks, fostering trust among their customer base and protecting invaluable personal information. Building strong security protocols is not just a regulatory requirement; it’s a fundamental responsibility towards customers whose health records and personal data are at stake.
