India’s Rapido exposed user and driver data through leaky website feedback form

Rapido, a popular ride-hailing platform in India, has fixed a security issue that exposed personal information associated with its users and drivers, TechCrunch has exclusively learned.

The flaw, discovered by security researcher Renganathan P, was related to a website form meant to collect feedback from Rapido auto-rickshaw users and drivers. The form exposed the full names, email addresses, and phone numbers of individuals, which TechCrunch has seen based on the details provided by the researcher.

The researcher told TechCrunch that the exposed data pertained to one of Rapido’s APIs, which was meant to collect and share information from the feedback form with a third-party service used by Rapido.

TechCrunch verified the exposure by submitting a generic message through the feedback form, which we saw appear soon after as a record in the exposed portal.

As of Thursday, the exposed portal had over 1,800 feedback responses, which included a large number of phone numbers belonging to drivers and a lesser number of email addresses, the researcher said.

“This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been exposed on the dark web if reached in the wrong hands,” the researcher told TechCrunch.

Soon after TechCrunch contacted Rapido about the spilling data, Rapido set the exposed portal to private.

“As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public,” Rapido CEO Aravind Sanka said in a statement emailed to TechCrunch. Sanka remarked that the collected phone numbers and email addresses were “non-personal in nature.”




Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.
