Hundreds Of Rapido Users Were Left Exposed To Security Breach Due To THIS Vulnerability, Fixed Now
Over 1,800 feedback responses with email addresses and phone numbers were recorded in the exposed portal before it was finally made private by Rapido.
Rapido users were highly vulnerable to a security breach in which their personal information (including that of both users as well as of autorickshaw drivers) could have been exposed to hackers. Security researcher Renganathan P was the first to identify a vulnerability in Rapido’s system that potentially allowed hackers to access personal details, including full names, email addresses, and phone numbers. The vulnerability has been fixed now, and as per reports, the data is safe.
The flaw was linked to a website form designed to gather feedback from Rapido’s autorickshaw drivers and users. The issue arose from an API used by a third-party service to retrieve data from the feedback form, leaving the information unprotected. However, Rapido has since resolved the security issue that put the personal information of its users and drivers at risk.
According to a report by the TechCrunch, over 1,800 feedback responses with email addresses and phone numbers were recorded in the exposed portal before it was finally made private by Rapido.
TechCrunch quoted Renganathan as saying, “This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been exposed on the dark web if reached in the wrong hands.”
Rapido Responds
In response to the security breach, Rapido CEO Aravind Sanka reportedly said, “As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services."
Sanka added, "While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public.”
Top Headlines
