Transaction keys exposure via payment API vulnerabilities have impacted millions of users

API vulnerabilities have put millions of users under financial threat by exposing transaction keys.

The security research report revealed that around ten mobile apps using Razorpay payment gateway exposed secret transaction keys. This jeopardizes users’ data safety and makes them vulnerable to a wide range of attacks.

In the research around 13,000 apps were uploaded on its BeVigil security search engine. Out of these, nearly 250 apps used the Razorpay API for processing financial transactions. Around 10 (5%) of these apps exposed the payment integration key ID and key secret.

Although the company has deactivated the 10 apps, it urges developers to realize the impact of such issues and implement effective review processes to protect sensitive user data. Therefore, payment providers should design APIs that offer options to minimize a key’s permissions and access controls even if it hasn’t been invalidated.

Install NPAV on your devices to keep them safe and secure from all data and financial risks. We provide best-in-class cyber security and data backup measures.

Use NPAV and join us on a mission to secure the cyber world.