Indian Pharmacy Chain Giant Exposed Customer Data and Internal Systems

A major security flaw in DavaIndia Pharmacy’s website allowed anyone to create high‑privilege “super admin” accounts, exposing nearly 17,000 customer orders and sensitive internal controls across hundreds of stores. Researcher Eaton Zveare discovered the insecure admin interfaces, which could have enabled attackers to view private health‑related purchases, alter drug‑control settings, and manipulate pricing or website content. The vulnerability, active since late 2024, was reported to CERT‑In in August 2025 and fixed within weeks, with no evidence it was exploited.