Top Uber rival leaks user and driver data online

Indian ride-sharing company Rapido was found leaking driver and customer data
The flaw stemmed from a faulty API
The company was leaking names, emails, and phone numbers

A major Indian ride-hailing platform was exposing sensitive user data thanks to a bug in one of its APIs.

The flaw in Rapido’s systems was discovered by security researcher Renganathan P, who claimed it stemmed from a website form designed to collect feedback from auto-rickshaw users and drivers. Auto-rickshaw is a three-wheeled vehicle, popular across India and many Asian countries.

Users that provided the feedback have had their sensitive information exposed to the public, including full names, email addresses, and phone numbers.

Rapido exposure

The database has been seen by TechCrunch, which confirmed its authenticity. The data was supposed to be shared with a third-party service, used by Rapido, only, but the publication says the database counts more than 1,800 feedback responses, with a “large number” of driver phone numbers, and a “lesser number” of email addresses.

“This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been exposed on the dark web if reached in the wrong hands,” Renganathan P said.

The publication subsequently reached out to Rapido, who locked down the database and prevented more unauthorized access. We don’t know if any malicious actors found this database in the past, or if the data was abused in the wild. Phone numbers and email addresses are vital in running phishing and identity theft scams.

“As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public,” Rapido CEO Aravind Sanka said in a statement.

Sanka added that the collected phone numbers and email addresses were “non-personal in nature.”

https://cdn.mos.cms.futurecdn.net/dN5toW9ygER7CeKYqEVwba-1200-80.jpg

Source link

US government removes Chinese chip giant AMEC from major blacklist

Save big on premium password security this holiday season with NordPass

BeyondTrust says hackers hit its remote support products

Bluesky just made it harder for someone to steal your name, but verification is still a challenge

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Top Uber rival leaks user and driver data online

US government removes Chinese chip giant AMEC from major blacklist

Save big on premium password security this holiday season with NordPass

BeyondTrust says hackers hit its remote support products

Bluesky just made it harder for someone to steal your name, but verification is still a challenge

Leave a reply Cancel reply