Rapido app data breach: Thousands of customers' details exposed online
Rapido, one of India's popular ride-hailing services, has recently come under scrutiny for a data breach that exposed sensitive information of users and drivers. The security lapse was flagged in a feedback form meant for the app's auto-rickshaw users and drivers. The breach exposed personal details such as full names, email addresses, and phone numbers of people using the service.
Security researcher uncovers data breach
Security researcher Renganathan P discovered the data breach, having found the vulnerability in Rapido's feedback form. The exposed information was associated with an API created to collect feedback and send it to a third-party service employed by Rapido. TechCrunch was able to independently verify this vulnerability by sending a test message through the feedback form, which promptly showed up as a record in the exposed portal.
Over 1,800 feedback responses exposed in breach
As of Thursday, the exposed portal held over 1,800 feedback responses. These included a large number of drivers' phone numbers and a few email addresses. The researcher warned that the exposure could enable large-scale scams, with scammers or hackers calling drivers and carrying out social engineering attacks.
Company responds to data breach
In the wake of the data breach, Rapido acted swiftly to secure the exposed portal by setting it to private. In a statement emailed to TechCrunch, Rapido CEO Aravind Sanka said, "As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public."
Rapido users urged to be vigilant
Following the data breach, Rapido users are being advised to be wary of any suspicious emails, calls, or text messages. They are also encouraged to use strong passwords and monitor their accounts for unusual activity, as a precaution against scams that could arise from the exposed information.