In the past few days, we have been hearing about a number of bugs reported at Indian tech startups. It started with the Ola hack, which allowed people to recharge Ola wallets without actually paying. Then a Medium post by Shivani Maheshwari, showing how she tricked the ZopNow payment gateway into letting her order products she didn’t pay for, got people’s attention. However, ZopNow’s response was quick, and it fixed the issue in just 8 hours.
This time another startup has been dragged into this: Rocket Internet-backed FoodPanda. A few students from IIIT Hyderabad found a bug that allowed foodpanda users to get orders delivered without making the payment. The bug was reported by a startup called Brthe in a Medium post.
How does that work, you say? Here it goes:
- Build your order as you’d usually do, use the coupon code ‘welcome’ which is only applicable for new users and check out
- Fill out the details and click on the payment options. PayUMoney is the preferred option for this as it offers an additional discount
- When you are at the final payment page, hold on for a while without closing the tab or making the payment
- Within seconds you’ll receive a message from FoodPanda stating your order has been placed.
- Click on the “back to foodpanda.in” button
- Voila! Your food shall be delivered.
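One way a merchant could catch the symptom described in these steps (an online order confirmed while the gateway payment is still open) is a reconciliation pass over order and gateway records. This is an added example, not code from the article, Brthe or foodpanda; the record layout, field names and sample data are constructed assumptions, and the article does not state the root cause.

```python
from dataclasses import dataclass

@dataclass
class Order:               # hypothetical merchant-side record
    order_id: str
    method: str            # "online" or "cod" (cash on delivery)
    amount_due: int        # in paise, after coupons and discounts
    status: str            # "pending_payment", "placed", "cancelled"

@dataclass
class Payment:             # hypothetical gateway-side record
    order_id: str
    status: str            # "success", "pending", "failed"
    amount: int            # in paise

def unpaid_confirmed_orders(orders, payments):
    """Return (order_id, reason) for online orders marked placed
    without a matching successful gateway payment."""
    captured = {}
    for p in payments:
        # Only gateway-confirmed captures count; pending/failed do not.
        if p.status == "success":
            captured[p.order_id] = captured.get(p.order_id, 0) + p.amount
    findings = []
    for o in orders:
        if o.method != "online" or o.status != "placed":
            continue       # COD and unconfirmed orders are out of scope
        paid = captured.get(o.order_id)
        if paid is None:
            findings.append((o.order_id, "no successful payment"))
        elif paid < o.amount_due:
            findings.append((o.order_id, f"underpaid by {o.amount_due - paid}"))
    return findings

# Constructed sample data for illustration only.
ORDERS = [
    Order("A1", "online", 45000, "placed"),           # paid in full
    Order("A2", "online", 60000, "placed"),           # payment page left open
    Order("A3", "cod", 30000, "placed"),              # cash on delivery
    Order("A4", "online", 52000, "placed"),           # captured less than due
    Order("A5", "online", 20000, "pending_payment"),  # not yet confirmed
]
PAYMENTS = [
    Payment("A1", "success", 45000),
    Payment("A2", "pending", 60000),
    Payment("A4", "success", 50000),
]

if __name__ == "__main__":
    for order_id, reason in unpaid_confirmed_orders(ORDERS, PAYMENTS):
        print(order_id, reason)
```

Run before dispatch, a check like this holds back A2 and A4 while letting paid and cash-on-delivery orders through.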
“We at Brthe have a Chrome extension that prompts the most suitable coupon to let you order food at the best possible price and have a good user base in IIIT-H. It was the evening of April 8th, we noticed our Chrome extension getting abnormally large traffic. When we checked on this, the news about the bug was spreading through IIIT hostels like wildfire. Each person went on to fulfill their food fantasies. After all, free food does taste better. The fanciest desserts from Baskin Robbins and the largest pizzas from Papa John’s were ordered. Delivery boys queued up outside the campus for hours after the gates closed. According to the students, orders worth over 6 lakhs were placed,” said the company in a blog post.
In response, rather than resolving the issue, foodpanda first shut down services in Hyderabad, and later restricted the shutdown to the Gachibowli area, where IIIT Hyderabad is located.
Issues like these are bound to arise, as no one is perfect, but how the issue is handled does matter. Both Ola, which took it seriously and made some provisions, and ZopNow, which responded quickly to the issue, managed the situation perfectly. On the other hand, it is disheartening to see foodpanda’s response to the issue.
The above story, which highlights a dubious act by IIIT H students, has been criticised a lot by the startup community and by many recruiters. The student body of the said college has requested us to take the story down, so that the image of their college and students is not further affected in a negative way. Unfortunately, we cannot take the story down, but we would like to add the perspective of other students of IIIT H.
According to a student who is representing the student body,
The story on Medium was written by the founders of the Brthe startup, also IIIT students, who just wanted to boast about the free food they could order, exploiting the flaw in the website, and to sell their Chrome extension.
It is true that a few students made use of the flaw in the system. But those are a small minority of our institute and the student body is really ashamed of their actions. The 6 lakh figure was the author’s own imagination.
The entire episode has put our institute in a bad light and already some of our recruiters have started talking about cancelling hiring. We students are really worried about the situation. We are actually coordinating with the students to collect the money and return it to the website.