Rapido Data Breach: User and Driver Information Exposed via Vulnerable Feedback Form

Rapido, a prominent Indian ride-hailing platform, recently addressed a security vulnerability in its feedback form that exposed personal information of users and drivers. The issue was discovered by security researcher Renganathan P, who found that the feedback form’s API inadvertently allowed access to full names, email addresses, and phone numbers.

The Breach Details

The exposed data, collected through an API designed to share feedback with a third-party service, was accessible via a public portal. Verification tests confirmed that submitting a message through the form resulted in its appearance in the exposed portal. The issue reportedly stemmed from improper handling of the feedback form, which allowed unauthorized access to sensitive information. By the time the issue was identified, over 1,800 feedback responses had been exposed, including numerous driver phone numbers and some email addresses. This raised concerns about potential scams or social engineering attacks targeting those affected.

Security Implications

Cybersecurity experts have flagged this breach as a significant risk, as the compromised data could be exploited for phishing attacks, identity theft, or other malicious activities. The researcher also highlighted the potential for large-scale social engineering scams targeting drivers or the illicit sale of the compromised information on the dark web.

Company’s Response

In response, Rapido secured the portal by setting it to private. CEO Aravind Sanka acknowledged the issue, stating that the survey links had unintentionally reached unintended users. This incident underscores the importance of robust data security measures, especially when handling user feedback and integrating third-party services. Organizations are advised to regularly audit their APIs and feedback mechanisms to prevent unauthorized data exposure.

Rapido has acknowledged the vulnerability and assured users that it is addressing the issue with high priority. The company is collaborating with cybersecurity specialists to strengthen its systems and prevent future breaches.
