Last week I spent some time learning ethical hacking and web security and fixed some of the vulnerabilities on my web server. During my research to hone my skills, I analyzed many websites for vulnerabilities and found that many popular startups in India take web security for a toss. One particular website, Wishberry, which is called the Kickstarter for crowdfunding in India, grabbed my attention. I was able to see private data which was completely accessible via a public IP. One data set that grabbed my attention includes very high-profile individuals, investors and entrepreneurs, with their names, email IDs, mobile numbers, amount pledged, addresses, etc. Below are screenshots of their data.
I am sure this data is going to shock you as well. This list includes famous Indian investors like Rajan Anandan, Vishal Gondal, Mahesh Murthy, Ravi Guru Raj, Sharad Sharma and many more. The interesting thing is that many of them are angel investors in this venture. This vulnerability exposes almost all of the campaign backers' information; all you need is just the campaign ID. These kinds of vulnerabilities lead to increased spam emails, calls, etc. More than that, trust from the backers will reduce. I think companies should give the highest priority to customer data privacy, much more than branding, and they should at least spend a bit on taking care of basic encryption and data security. Wishberry should fix this before hackers and spammers get their hands on it. You may ping me on my Fb to get information on this vulnerability.