Digital Flaw Found In Bike-Sharing Startup Bounce Leaves 2Mn Users’ Data At Risk

Digital Flaw Found In Bike-Sharing Startup Bounce Leaves 2Mn Users’ Data At Risk

SUMMARY

A security researcher found a digital flaw in the Bengaluru-based startup app

The hack put around 2 Mn users at risk, said a media report

Bounce cofounder told Inc42 that they had immediately fixed the bug

With digitisation presenting many business opportunities, the number of data breach incidents have also been on the rise. Latest to suffer a cybersecurity lapse is bike-sharing startup Bounce. A security researcher has found a digital flaw in the Bengaluru-based startup app.

“One of its internal application programming interface (API) can log the hacker into any Bounce account, bypassing the users’ phone number into the request, and in response, it returns with the access token and rider ID, which can be used to access any Bounce account,” according to a media report.

The vulnerability could have allowed hackers to access the accounts of 2 Mn users and their sensitive information, such as driving license, selfies, phone number, or email addresses, said the report.

Founded in 2014 by Vivekananda HR, Anil G and Varun Agni, Bounce offers a dockless urban mobility solution. The startup recently completed 10 Mn transactions in the city with its 9,500 scooters and around 2 Mn customers.

“A technical bug was detected in our system about a potential vulnerability to some user information. We immediately launched an investigation and fixed the bug to ensure that there is no risk to user data because of the identified bug,” CEO and cofounder of Bounce Vivekananda Hallekere told Inc42.

“The bug does not allow any direct access to the app, therefore any exploitation will require the impersonator to make multiple API calls to recreate the bike booking process without the app, requiring deep programming expertise,” he further added. The startup claimed that it does not collect any sensitive data, including email-ids, bank account, credit card, or other financial information and hence, higher sensitivity user information was never at risk.

While Bounce claims to have strong security processes and measures in place, the incident once again questions the effectiveness of cybersecurity in India.

Why Efficient Cybersecurity Is The Need Of The Hour?

The growth in the data economy in India has been exponential. However, poor security infrastructure has also led to several data-breach incidents recently. Bengaluru-based edtech startup Vedantu confirmed last month that it faced a data breach in the last week of September. Data of 687K Vedantu customers were put at risk as the data breach allegedly exposed customer details including email and IP addresses and names.

Before that, almost 1.3 Mn debit and credit card details were allegedly put up for sale on a website called Joker’s Stash. Media reports said that the database had details from various issuing banks and 98% of the leaked data belonged to Indian customers.

According to a Data Security Council of India (DSCI) report this year, India witnessed the second-highest number of cyber attacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.

With such rapid technological advancements and 5G soon coming into play, the need of the hour is an effective cybersecurity policy. The Indian government announced in August that it would unveil an official cybersecurity strategy policy by January 2020, which would focus on new kinds of malware and IoT security. The government said what is needed for internet security is increased effective coordination between ministries that are looking after public-private partnerships.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Digital Flaw Found In Bike-Sharing Startup Bounce Leaves 2Mn Users’ Data At Risk-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Digital Flaw Found In Bike-Sharing Startup Bounce Leaves 2Mn Users’ Data At Risk-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Digital Flaw Found In Bike-Sharing Startup Bounce Leaves 2Mn Users’ Data At Risk-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Digital Flaw Found In Bike-Sharing Startup Bounce Leaves 2Mn Users’ Data At Risk-Inc42 Media
Digital Flaw Found In Bike-Sharing Startup Bounce Leaves 2Mn Users’ Data At Risk-Inc42 Media
You’re in Good company