Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
TechCrunch exclusively reported that Rapido, a popular ride-hailing platform in India, has resolved a security issue that exposed personal information related to its users and drivers.
The flaw, discovered by security researcher Renganathan P, was related to a website form designed to collect feedback from Rapido auto-rickshaw users and drivers. The form exposed individuals' full names, email addresses and phone numbers, as TechCrunch saw based on the details provided by the researcher.
The exposed data pertains to one of Rapido’s APIs, which is designed to collect and share feedback form data with a third-party service that Rapido uses, the researcher told TechCrunch.
TechCrunch quickly confirmed the leak by submitting a general message through the feedback form, which we then saw appear as a record on the exposed portal.
The portal, which was exposed on Thursday, contained more than 1,800 feedback responses, including many phone numbers and a smaller number of email addresses belonging to drivers, the researcher said.
“This could have led to a major scam involving fraudsters or hackers calling drivers and carrying out a large-scale social engineering attack, or simply those phone numbers and other information being exposed on the dark web. wrong hands,” the researcher told TechCrunch.
Shortly after TechCrunch contacted Rapido about the breach, Rapido designated the affected portal as private.
“As standard operating procedure, we are in the process of obtaining valuable feedback from our community of stakeholders regarding our services. While this was handled by external parties, we realized that survey links reached some unintended users from the public,” Rapido CEO Aravind Sanka said in an emailed statement to TechCrunch. Sanka noted that the collected phone numbers and email addresses were “not – has a personal character”.