India's Rapido exposed user and driver data through leaky website feedback form | TechCrunch

The flaw, discovered by security researcher Renganathan P, was related to a website form meant to collect feedback from Rapido auto-rickshaw users and drivers, which inadvertently exposed the full names, email addresses, and phone numbers of individuals. TechCrunch verified the exposure by submitting a generic message, which appeared shortly after in the exposed portal, highlighting a serious security loophole in user data management.
Renganathan P warned that the leak had serious implications, stating, 'This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack.' The potential for the data to be exposed on the dark web also raised significant concerns.
In response to the situation, Rapido CEO Aravind Sanka acknowledged the issue, stating, 'As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services.' He emphasized that the survey links had reached unintended public users, highlighting a gap in data privacy management.
Despite the gravity of the situation, Sanka dismissed the significance of the compromised data by claiming it was 'non-personal in nature,' downplaying the risks associated with the exposed phone numbers and email addresses.