Rapido Data Breach: Vulnerable Feedback Form Exposes User and Driver Information
Rapido, the well-known Indian ride-hailing service, recently fixed a security flaw in its feedback form that exposed customer and driver personal information. Security researcher Renganathan P noticed the problem when he realized that the API for the feedback form unintentionally gave access to phone numbers, email addresses, and full names.
Details of the Breach
The disclosed data was accessible through a public portal and was gathered via an API intended to exchange input with a third-party service. Tests confirmed that sending a message via the form caused it to show up on the public portal. According to reports, the problem arose from incorrect feedback form management, which exposed sensitive information to unauthorized parties. More than 1,800 feedback responses, including a number of driver phone numbers and some email addresses, had been made public by the time the problem was discovered. This sparked worries that affected individuals could become targets of scams or social engineering attempts.
Implications for Security
Because the exposed data could be used for identity theft, phishing attacks, and other malicious activity, cybersecurity experts have identified this breach as a serious risk. The study also pointed out further serious risks associated with this data exposure, such as the possibility of widespread social engineering schemes that target drivers or the illegal sale of the exposed data on the dark web.
The Company's Reaction
Rapido responded by making the portal private and protected. Aravind Sanka, the CEO, admitted that the survey links had accidentally reached people who were not meant to receive them. As this incident highlights, strong data security safeguards are crucial, particularly when managing user feedback and integrating third-party services. Organizations are advised to conduct routine audits of their feedback channels and APIs in order to prevent unauthorized data exposure.
Rapido has confirmed the vulnerability and assured users that it is giving the problem top priority. The business is working with cybersecurity experts to fortify its systems and prevent future intrusions.