CDSL data breach: Personal data of 44 million investors like PAN, demat details leaked

New Delhi: A flaw in CDSL Ventures Limited (CVL), a subsidiary of Central Depository Services (India) Limited (CDSL), exposed the personal and financial information of over 43 million Indian investors online. What is troubling is that this data was exposed twice in a 10-day period. On October 19, the cyber security team informed CERT-In and NCIIPC about the incident. It took about a week for the organization to resolve the issue.

According to CyberX9, the problem could have been resolved in two hours. This breach will have an impact on investors as they will almost certainly become the target of phishing attacks, in which hackers impersonate brokers, banks and corporations to cheat them out of their money.

In early October 2021, CyberX9’s research team uncovered a serious security vulnerability in the KYC wing of CDSL. According to their findings, CVL was disclosing highly sensitive personal and financial data of 43.9 million Indian investors.

According to the cyber security firm, ‘the people whose data was exposed were those who did KYC of their market securities.’ The firm also said that the problem discovered was an authorization vulnerability in a public KYC API of CDSL, resulting in massive amounts of sensitive data being exposed on the Internet. (An authorization vulnerability is a failure to verify that the party making a request is entitled to the data returned.)

The cybersecurity team discovered a comprehensive bypass to the measure that CDSL implemented on October 29 to repair the previously reported issue. “Both times the data exposed was of people who had performed KYC on their market securities… Similar to the previous time, the issue discovered was an authorization vulnerability in a public KYC API of CDSL, causing massive amounts of sensitive data to be exposed across the internet,” CyberX9 reported.

Personal information such as full name, complete PAN number, gender, marital status, father's/spouse's full name, date of birth, nationality, complete residential address, complete permanent address, contact number, email address and business details was included in the data exposed by the security flaw.

It also included sensitive financial data such as the amount of annual income tax return submitted, net worth (with the date it was updated), demat account number, broker name and CDSL client ID.

According to the cyber security team, the information disclosed by CDSL could be a virtual goldmine for phishing and could lead to business email compromise (BEC) scams, in which hackers pose as brokers, banks and enterprises to defraud individuals and corporations into sending money to fraudsters. This can also lead to extortion and tax refund scams.
