Rapido Fixes Security Flaw That Exposed Personal Data of Users and Drivers
A leading ride-hailing platform in India, has addressed a significant security vulnerability that exposed the personal information of its users and auto-rickshaw drivers. The flaw, discovered by security researcher Renganathan P, could have allowed unauthorized access to sensitive data, including full names, email addresses, and phone numbers.
The vulnerability was traced to a feedback form designed for users and drivers to share their experiences with Rapido. The issue arose from an API associated with a third-party service, which unintentionally left sensitive information accessible. According to reports, over 1,800 feedback entries containing personal data were exposed before Rapido acted to secure the portal by making it private.
The exposed data presented serious risks to affected individuals. Cybersecurity experts highlighted the potential for exploitation through phishing attacks, scams, or social engineering tactics. There was also concern that such sensitive information could make its way to the dark web, further endangering users and drivers.
Researcher’s Role and Immediate Action
Security researcher Renganathan P brought the issue to light after identifying the vulnerability and understanding the scale of the exposed information. His findings revealed how the flaw allowed hackers to extract data via the feedback form, making the need for immediate action critical.
Once informed about the issue, Rapido moved swiftly to address the flaw. The company secured the portal and implemented measures to prevent unauthorized access to sensitive information in the future.
Rapido CEO Aravind Sanka confirmed the vulnerability and acknowledged the incident in a statement. According to Sanka, the issue was linked to survey links being shared with unintended users. “We take the security of our users and partners very seriously. Once the vulnerability was identified, our team worked quickly to resolve the issue and ensure that no further data could be accessed,” he said.
Sanka also emphasized that Rapido is committed to safeguarding personal information and will continue to enhance its security infrastructure to prevent similar incidents.
Lessons and Industry Implications
This incident highlights the importance of robust cybersecurity practices for tech companies, especially those handling large volumes of personal data. Experts stress the need for regular security audits, strong API management, and user awareness to minimize risks associated with data breaches.
For Rapido, the incident serves as a learning opportunity to reinforce its security protocols and build trust among its user base. The ride-hailing platform has assured its customers and drivers that it is taking all necessary steps to uphold the highest standards of data protection. As the digital landscape becomes increasingly complex, companies like Rapido must remain vigilant against emerging cyber threats, ensuring that their platforms remain secure and reliable for all stakeholders.
