Ride-hailing platform Rapido has fixed a security vulnerability that exposed the personal information of users and drivers of auto-rickshaws. First flagged by security researcher Renganathan P, the security flaw could have given hackers access to the full names, email addresses, and phone numbers of individuals through a website form that was meant to collect feedback from Rapido auto-rickshaw drivers and users. The vulnerability that left the data exposed pertained to one of the platform’s APIs used to fetch information from the feedback form by a third-party service used by Rapido. Over 1,800 feedback responses with email addresses and phone numbers had been recorded in the exposed portal until it was made private by Rapido, according to a report by TechCrunch. “This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been exposed on the dark web if reached in the wrong hands,” Renganathan was quoted as saying by the US-based tech news outlet. In response to the security breach, Rapido CEO Aravind Sanka reportedly said, “As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public.”
