Crisis averted!
In a nutshell Rapido’s CEO Aravind Sanka mentioned “As part of our usual feedback hunt to better our services somehow the survey links waltzed over to unintended recipients from the public realm.” And just so you know Sanka assured that the phone numbers and email addresses collected were “non-personal in nature.” Whew now that’s a sigh of relief!
So buckle up and stay alert out there dear passengers. TechCrunch even put this exposure to the test by firing off a generic message through the feedback form, and quick as a flash, it popped up as a record in the exposed portal.
By last Thursday, the exposed portal was bursting with over 1,800 feedback responses, chock full of drivers’ phone numbers and a smattering of email addresses, shared the researcher. Imagine the chaos that could’ve ensued if this info fell into the wrong hands like scammers or hackers pulling off a grand social engineering heist or worse ending up on the shadowy corners of the dark web.
When TechCrunch knocked on Rapido’s digital door about this data leak Rapido swiftly chucked the exposed portal into private mode. Hold onto your helmets, because TechCrunch got the scoop on this exclusive revelation.
The hiccup, uncovered by security whiz Renganathan P, revolved around a form on Rapido’s website designed for feedback from their trusty auto-rickshaw patrons. This form accidentally spilled the beans on full names, email addresses, and phone numbers of the folks, all of which TechCrunch got a peek at, courtesy of the sharp-eyed researcher.
According to the researcher, this data oopsie was linked to one of Rapido’s APIs meant to ferry info from the feedback form to a third-party service used by Rapido. It’s always an adventure on these digital highways!. Rapido, the beloved ride-hailing platform, patched up a security gap that had put their users’ and drivers’ personal information at risk né?. Fasten your seatbelts folks! We’ve got some juicy news straight from the bustling streets of India né?
