Skip to content

JOBUZO

  • News
  • Indonesia
  • Toggle search form
Indian pharmacy chain giant exposed customer data and internal systems

Indian pharmacy chain giant exposed customer data and internal systems

Posted on 14 February 2026 By jobuzo

A security lapse by one of India’s largest pharmacy chains allowed outsiders to gain full administrative control of its platform, exposing customer order data and sensitive drug-control functions, TechCrunch has exclusively learned.

The issue affected DavaIndia Pharmacy, the pharmacy arm of Zota Healthcare, which operates a large network of retail outlets across India. Security researcher Eaton Zveare told TechCrunch that he discovered the flaw after identifying insecure “super admin” application programming interfaces on DavaIndia’s website and privately shared details with Indian cybersecurity authorities.

The bug is now fixed, and Zveare disclosed his findings.

The exposure comes as Zota Healthcare rapidly scales DavaIndia Pharmacy’s retail business. The Gujarat-headquartered company operates more than 2,300 DavaIndia stores across India, including 276 new outlets announced in January, and plans to add another 1,200 to 1,500 over the next two years.

Zveare told TechCrunch that the flaw stemmed from insecure admin interfaces, which allowed unauthenticated users to create “super admin” accounts with high privileges.

With that level of access, an attacker could view thousands of online orders containing customer information, modify product listings and prices, create discount coupons, and change settings governing whether certain medicines required a prescription, the researcher said.

News :<div>12 weeks' jail for school IT support technician who took upskirt videos of teachers</div>

Based on system timestamps, Zveare said the vulnerable administrative interfaces appeared to have been live since late 2024. The access exposed nearly 17,000 online orders and administrative controls spanning 883 stores, he said, allowing changes to product pricing, prescription requirements, and promotional discounts. Zveare said the access allowed edits to website content that could have been used for defacement or disruption.

Pharmacy order data can be particularly sensitive, as it may reveal information about a person’s health conditions, medications or other private purchases. Exposure of such data, even without evidence of misuse, carries heightened privacy and patient-safety risks compared with other consumer information.

“Customer information was linked to their orders,” said Zveare. “This includes name, phone numbers, email IDs, mailing addresses, total amount paid, and the products purchased. Since this is a pharmacy, the products being purchased could be considered private and even embarrassing for some people.”

Zveare said he reported the issue to CERT-In, India’s national cyber emergency response agency, in August 2025. The vulnerability was fixed within weeks, though confirmation from the company took longer and was provided to the cyber authorities in late November, he said.

Sujit Paul, chief executive of Zota Healthcare, did not respond to emails sent by TechCrunch last month. The researcher said there was no indication the flaw had been exploited before it was patched.

Indian pharmacy chain giant exposed customer data and internal systems


News

Post navigation

Previous Post: Chinese robots and culture converge at UN’s Year of the Horse celebration
Next Post: Nothing opens its first retail store in India

Related Posts

Charlie Kirk death: Netizens claim two men signalled before sniper gunshot; accuse them of role in shooting | WATCH Charlie Kirk death: Netizens claim two men signalled before sniper gunshot; accuse them of role in shooting | WATCH News
Suspect in Charlie Kirk shooting charged with aggravated murder Suspect in Charlie Kirk shooting charged with aggravated murder News
Blast shakes Jerusalem after Iran fires two missiles, minor injuries reported Blast shakes Jerusalem after Iran fires two missiles, minor injuries reported News

Latest

  • Opposition slams plan to oust Hungary’s president
  • ‘Space race of our time’: can Europe compete with China, US in humanoid robots?
  • Trump says “disappointed” with NATO allies on Ankara summit sidelines
  • CGTN Poll: Respondents call for unity in tackling extreme weather
  • Chinese paddlers win WTT United States Smash women’s doubles title
  • Trump, Nato allies to begin key talks at Turkiye summit
  • Trump changes tune on Meloni after G7 spat, calls her a ‘nice person’
  • Prince William Co. supervisors deny 2,000-acre Dulles South data center plans
  • Prince William Co. supervisors deny 2,000-acre Dulles South data center plans
  • CNN verifica: cinco afirmaciones falsas que hizo Trump durante una reunión con Erdogan

Copyright © 2025 JOBUZO. Disclaimers | Privacy Policies

Powered by PressBook Masonry Blogs