๐ Pharma Breach: Trust Shattered & Data Risk ๐จ
Tech
February 14, 2026| AuthorABR-INSIGHTS Tech Hub
๐ง Audio Summaries
๐ Shop on Amazon
ABR-INSIGHTS Tech Hub Picks
BROWSE COLLECTION โ*As an Amazon Associate, I earn from qualifying purchases.
Verified Recommendations๐ง Quick Intel
- Security researcher Eaton Zveare identified a critical vulnerability within the DavaIndia Pharmacy platform operated by Zota Healthcare in August 2025.
- The flaw allowed unauthorized users to create โsuper adminโ accounts with elevated privileges, granting access to thousands of customer order records.
- Each order contained detailed customer information including names, phone numbers, email addresses, mailing addresses, total purchase amounts, and specific medications purchased.
- The vulnerability enabled manipulation of product listings and prices, the generation of discount coupons, and the alteration of prescription requirements for certain drugs.
- The issue was patched within a relatively short timeframe, with confirmation of the fix provided to CERT-In in late November 2025.
- Zota Healthcareโs CEO, Sujit Paul, did not provide an explicit timeline for the remediation efforts.
- Indiaโs national cyber emergency response agency demonstrated effectiveness in swiftly addressing the vulnerability.
๐Summary
A security vulnerability within DavaIndia Pharmacy, the pharmacy arm of Zota Healthcare, presented a risk to its operations. A security researcher identified insecure administrative interfaces on the companyโs website. This allowed external access to the platform, potentially exposing customer order data and drug control functions. The issue impacted over 2,300 stores, including recently opened locations. Indian cybersecurity authorities were notified in late November 2025, and the vulnerability was addressed within August 2025. There was no evidence of prior exploitation. The companyโs CEO did not respond to inquiries from TechCrunch.
๐กInsights
โผ
VULNERABILITY DISCOVERY AND INITIAL REPORTING
Security researcher Eaton Zveare identified a critical security flaw within the DavaIndia Pharmacy platform, operated by Zota Healthcare. Through the discovery of insecure โsuper adminโ application programming interfaces on the website, Zveare alerted Indian cybersecurity authorities, specifically CERT-In, in August 2025. This proactive reporting was crucial in initiating a rapid response to mitigate the potential risks associated with the vulnerability. Zveareโs diligence in identifying and reporting the issue underscores the importance of ongoing security assessments and vulnerability research within the pharmaceutical technology sector.
THE NATURE OF THE VULNERABILITY AND ITS POTENTIAL IMPACT
The discovered flaw allowed unauthorized users to create โsuper adminโ accounts with elevated privileges. Once authenticated, these users gained access to a vast amount of sensitive data, including thousands of customer order records. Each order contained detailed customer information such as names, phone numbers, email addresses, mailing addresses, total purchase amounts, and the specific medications purchased. Furthermore, the compromised access enabled manipulation of product listings and prices, the generation of discount coupons, and the alteration of prescription requirements for certain drugs. The potential impact of this breach extends beyond simple data exposure; the ability to modify drug controls presents significant risks to patient safety and underscores the critical need for robust security measures in the pharmaceutical industry.
RESPONSE AND REMEDIATION
Following Zveareโs report to CERT-In, the vulnerability was swiftly addressed. The issue was patched within a relatively short timeframe, with confirmation of the fix provided to the cyber authorities in late November 2025. While the exact timeline remains somewhat opaque due to a lack of direct communication from Zota Healthcareโs CEO, Sujit Paul, the rapid response demonstrates the effectiveness of Indiaโs national cyber emergency response agency and highlights the importance of collaborative action between security researchers and technology providers. The swift resolution prevented any apparent exploitation of the flaw, mitigating the immediate risks associated with the breach.
Our editorial team uses AI tools to aggregate and synthesize global reporting. Data is cross-referenced with public records as of April 2026.
Related Articles
Tech
Meta's Scary Smart Glasses ๐๏ธโ๐จ๏ธ: Surveillance Alert!
In 2024, Meta, the company behind smart glasses developed by Ray-Ban and Oakley, outlined plans for a new facial recogni...
Tech
Airbnb's AI Revolution ๐: Travel's New Future? ๐ค
Airbnb is exploring the integration of large language models into its operations, as revealed by CEO Brian Chesky. The c...
Tech
AI Apocalypse? ๐คฏ Economy's Shocking Truth Revealed!
On February 12, 2026, concerns shifted from anxieties about an AI apocalypse to examining economic bottlenecks. The conv...