1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Top Uber rival leaks user and driver data online

    From TechnologyDaily@1337:1/100 to All on Friday, December 20, 2024 11:00:05
    Top Uber rival leaks user and driver data online

    Date:
    Fri, 20 Dec 2024 10:49:21 +0000

    Description:
    Rapido was apparently exposing a feedback archive online, which included emails and phone numbers.

    FULL STORY ======================================================================Indian ride-sharing company Rapido was found leaking driver and customer data The flaw stemmed from a faulty API The company was leaking names, emails, and phone numbers

    A major Indian ride-hailing platform was exposing sensitive user data thanks to a bug in one of its APIs.

    The flaw in Rapido's systems was discovered by security researcher
    Renganathan P, who claimed it stemmed from a website form designed to collect feedback from auto-rickshaw users and drivers. Auto-rickshaw is a three-wheeled vehicle, popular across India and many Asian countries.

    Users that provided the feedback have had their sensitive information exposed to the public, including full names, email addresses, and phone numbers. Rapido exposure

    The database has been seen by TechCrunch , which confirmed its authenticity. The data was supposed to be shared with a third-party service, used by
    Rapido, only, but the publication says the database counts more than 1,800 feedback responses, with a large number of driver phone numbers, and a lesser number of email addresses.

    This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been exposed on the dark web if reached in the wrong hands, Renganathan P said.

    The publication subsequently reached out to Rapido, who locked down the database and prevented more unauthorized access. We dont know if any
    malicious actors found this database in the past, or if the data was abused
    in the wild. Phone numbers and email addresses are vital in running phishing and identity theft scams.

    As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public, Rapido CEO Aravind Sanka said in a statement.

    Sanka added that the collected phone numbers and email addresses were non-personal in nature. You might also like Thousands of GPS tracking customers have info leaked following data breach Here's a list of the best antivirus These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/top-uber-rival-leaks-user-and-driver-da ta-online


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)