What kind of data was exposed in the DavaIndia Pharmacy security lapse?

Customer order data, including names, phone numbers, email IDs, mailing addresses, total amounts paid, and products purchased, was exposed. Sensitive drug prescription controls were also affected.

Who discovered the security flaw at DavaIndia Pharmacy and what was the timeline?

Security researcher Eaton Zveare discovered the flaw and reported it to CERT-In in August 2025. The vulnerability was fixed within weeks.

What is the impact of the DavaIndia Pharmacy data exposure on customers?

The exposure carries heightened privacy and patient-safety risks, as pharmacy order data can reveal sensitive personal health information and private purchases.

Home / Technology / India Pharmacy Data Breach: Admin Access Exposed Orders

India Pharmacy Data Breach: Admin Access Exposed Orders

14 Feb

•

Summary

A security flaw allowed unauthorized admin access to sensitive data.
Customer order data and drug prescription controls were exposed.
The vulnerability was reported to Indian authorities and has been fixed.

India Pharmacy Data Breach: Admin Access Exposed Orders

A critical security vulnerability in DavaIndia Pharmacy's platform, operated by Zota Healthcare, permitted unauthorized individuals to gain complete administrative access. This breach exposed sensitive customer order details and functions related to drug prescription controls. A security researcher identified insecure application programming interfaces on the DavaIndia website, which enabled unauthenticated users to create high-privilege 'super admin' accounts.