Top Uber rival leaks user and driver data online

Indian ride-sharing company Rapido was found leaking driver and customer data
The flaw stemmed from a faulty API
The company was leaking names, emails, and phone numbers

A major Indian ride-hailing platform was exposing sensitive user data thanks to a bug in one of its APIs.

The flaw in Rapido’s systems was discovered by security researcher Renganathan P, who claimed it stemmed from a website form designed to collect feedback from auto-rickshaw users and drivers. Auto-rickshaw is a three-wheeled vehicle, popular across India and many Asian countries.

Users that provided the feedback have had their sensitive information exposed to the public, including full names, email addresses, and phone numbers.

Rapido exposure

The database has been seen by TechCrunch, which confirmed its authenticity. The data was supposed to be shared with a third-party service, used by Rapido, only, but the publication says the database counts more than 1,800 feedback responses, with a “large number” of driver phone numbers, and a “lesser number” of email addresses.

“This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been exposed on the dark web if reached in the wrong hands,” Renganathan P said.

The publication subsequently reached out to Rapido, who locked down the database and prevented more unauthorized access. We don’t know if any malicious actors found this database in the past, or if the data was abused in the wild. Phone numbers and email addresses are vital in running phishing and identity theft scams.

“As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public,” Rapido CEO Aravind Sanka said in a statement.

Sanka added that the collected phone numbers and email addresses were “non-personal in nature.”

https://cdn.mos.cms.futurecdn.net/dN5toW9ygER7CeKYqEVwba-1200-80.jpg

Source link

Amazon is slashing prices on best-selling running shoes for spring — Nike, Hoka, and New Balance from $55

NymVPN’s Mac app gets the split tunneling feature users have been waiting for

How to watch The AI Doc: Or How I Became an Apocaloptimist

Amazon is giving away one of the best strategy games ever, plus loads of other PC games for Prime members

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

HBO Set to Debut Harry Potter TV Series Documentary Next Week

When Does Her Third Record Come Out? – Hollywood Life

Good Son’ Sets Premiere Date On YouTube

Super Mario Galaxy’ Scores Massive $34 Million First Day

Trump fires Pam Bondi as US attorney general, White House official says

Gen Z millionaires are rushing into crypto—and they blame the risky bet on FOMO, fear of missing out

Washington planning commission to vote Thursday on Trump’s ballroom project

Jobless claims fall 9,000 as overall layoffs remain low across the economy

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Top Uber rival leaks user and driver data online

HBO Set to Debut Harry Potter TV Series Documentary Next Week

Trump fires Pam Bondi as US attorney general, White House official says

Amazon is slashing prices on best-selling running shoes for spring — Nike, Hoka, and New Balance from $55

When Does Her Third Record Come Out? – Hollywood Life