Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Major Data Breach at India’s Leading Pharmacy Chain

Major Data Breach at India’s Leading Pharmacy Chain

Posted on February 17, 2026 By CWS

India’s largest pharmacy chain, Dava India, recently faced a significant data breach, revealing critical customer information and internal system vulnerabilities. Discovered by Eaton-Works, the breach was due to insecure ‘super admin’ APIs, posing serious security risks.

Security Flaw Details

The breach allowed unauthorized creation of a super admin account, providing full access to the pharmacy’s backend systems. Eaton-Works identified the issue, highlighting the lack of proper authentication checks in the backend APIs, which facilitated administrative control over the system.

Dava India, operating over 2,100 outlets nationwide, prides itself on being the largest private generic pharmacy retail chain. The company also manages an online platform and mobile app for purchasing medicines. However, the discovered vulnerability exposed sensitive elements of their online operations.

Extent of Data Exposure

According to Eaton-Works, the breach could have potentially exposed data from approximately 17,000 customer orders across 883 stores. The super admin access also allowed modification or deletion of over 1,500 products, price alterations, removal of prescription requirements, and creation of ‘100% off’ coupons.

The control extended to website display features, including sponsored content and embedded videos, raising concerns about potential content manipulation. This vulnerability highlighted the risks associated with inadequate API security, particularly in sectors like healthcare and retail where sensitive data is involved.

Response and Resolution

The vulnerability was reported to India’s Computer Emergency Response Team (CERT-IN) on August 20, 2025. Dava India addressed the flaw approximately a month later, although official confirmation came only in late November 2025. Eaton-Works disclosed the details publicly on February 13, 2026, marking a significant finding in the healthcare sector.

Fortunately, Eaton-Works confirmed that no personal data was stolen, and the vulnerability was patched before any exploitation occurred. The breach impacted only online systems, leaving in-store purchases unaffected, emphasizing the importance of secure API design.

This incident underscores the critical need for robust security measures in digital platforms, especially those handling sensitive customer and operational data. As cybersecurity threats continue to evolve, businesses must prioritize strengthening their defenses to protect against potential breaches.

Cyber Security News Tags:API vulnerability, customer data, Cybersecurity, data breach, Dava India, Eaton-Works, Healthcare, India, Pharmacy, Retail

Post navigation

Previous Post: 0APT Ransomware: Illusion of Data Breaches Exposed
Next Post: EU Parliament Disables AI on Devices Due to Security Risks

Related Posts

First Large-scale Cyberattack Using AI With Minimal Human Input First Large-scale Cyberattack Using AI With Minimal Human Input Cyber Security News
GitLab Patches Multiple Vulnerabilities that Enables Arbitrary Code Execution GitLab Patches Multiple Vulnerabilities that Enables Arbitrary Code Execution Cyber Security News
Critical IDIS IP Cameras One-Click Vulnerability Leads to full Compromise of Victim’s Computer Critical IDIS IP Cameras One-Click Vulnerability Leads to full Compromise of Victim’s Computer Cyber Security News
CyberSentinel AI Revolutionizes Security with 33 Tools CyberSentinel AI Revolutionizes Security with 33 Tools Cyber Security News
SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE Cyber Security News
WhatsApp Introduces Handles for Enhanced Privacy WhatsApp Introduces Handles for Enhanced Privacy Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Government Pays $1M to Prevent Data Leak by Kairos Group
  • North Korean Hackers Launch PolinRider Campaign
  • Critical ‘Bad Epoll’ Flaw Risks Linux and Android Security
  • PamStealer Targets macOS Users via Fake Clipboard Manager
  • New FatFs Vulnerabilities Threaten Embedded Devices

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Government Pays $1M to Prevent Data Leak by Kairos Group
  • North Korean Hackers Launch PolinRider Campaign
  • Critical ‘Bad Epoll’ Flaw Risks Linux and Android Security
  • PamStealer Targets macOS Users via Fake Clipboard Manager
  • New FatFs Vulnerabilities Threaten Embedded Devices

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark