The vulnerability that left the data exposed pertained to one of the platform’s APIs. (File photo)
Ride-hailing platform Rapido has fixed a security vulnerability that exposed the personal information of users and drivers of auto-rickshaws.
First flagged by security researcher Renganathan P, the security flaw could have given hackers access to the full names, email addresses, and phone numbers of individuals through a website form that was meant to collect feedback from Rapido auto-rickshaw drivers and users.
You have exhausted your monthly limit of free stories.
Read more stories for free with an Express account.
The vulnerability that left the data exposed pertained to one of the platform’s APIs used to fetch information from the feedback form by a third-party service used by Rapido.
Over 1,800 feedback responses with email addresses and phone numbers had been recorded in the exposed portal until it was made private by Rapido, according to a report by TechCrunch.
“This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been exposed on the dark web if reached in the wrong hands,” Renganathan was quoted as saying by the US-based tech news outlet.
In response to the security breach, Rapido CEO Aravind Sanka reportedly said, “As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public.”
Technology on smartphone reviews, in-depth reports on privacy and security, AI, and more. We aim to simplify the most complex developments and make them succinct and accessible for tech enthusiasts and all readers. Stay updated with our daily news stories, monthly gadget roundups, and special reports and features that explore the vast possibilities of AI, consumer tech, quantum computing, etc.on smartphone reviews, in-depth reports on privacy and security, AI, and more. We aim to simplify the most complex developments and make them succinct and accessible for tech enthusiasts and all readers. Stay updated with our daily news stories, monthly gadget roundups, and special reports and features that explore the vast possibilities of AI, consumer tech, quantum computing, etc.
