Rapido, a popular ride-hailing platform in India, has fixed a security issue that exposed personal information associated with its users and drivers, TechCrunch has exclusively learned.
The flaw, discovered by security researcher Renganathan P, was related to a website form meant to collect feedback from Rapido auto-rickshaw users and drivers. The form exposed the full names, email addresses, and phone numbers of individuals, which TechCrunch has seen based on the details provided by the researcher.
The researcher told TechCrunch that the exposed data pertained to one of Rapido’s APIs, which was meant to take in and share information from the feedback form with a third-party service used by Rapido.
TechCrunch verified the vulnerability by submitting a generic message through the feedback form, which we saw appear soon after as a record in the exposed portal.
As of Thursday, the exposed portal had over 1,800 feedback responses, which included a large number of phone numbers belonging to drivers and a smaller number of email addresses, the researcher said.
“This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been leaked on the dark web if reached in the wrong hands,” the researcher told TechCrunch.
Shortly after TechCrunch contacted Rapido about the spilling data, Rapido set the exposed portal to private.
“As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public,” Rapido CEO Aravind Sanka said in a statement emailed to TechCrunch. Sanka remarked that the collected phone numbers and email addresses were “non-personal in nature.”