Powered By Inc42 BrandLabs

Powered By Inc42 BrandLabs


Post publishing this article, we received an official statement from Ola stating,

There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.


Powered By Inc42 BrandLabs

Powered By Inc42 BrandLabs

Cab hailing app Ola has been hacked! An anonymous hacker going by the name of TeamUnknown on Sunday posted on Reddit that he has hacked Ola. The hacker has posted the database structure of Olacabs and claims that he has access to user details as well as credit card, transaction history, un-used vouchers, which the hacker call as the “winning a lottery.”

On Reddit, the hacker posted,

OlaCabs is an online cab aggregator based out of Mumbai and among the fastest growing taxi hiring firms. Taxi booking facility can be availed through app, website or through calls.

It was founded on 3 December 2010 by Bhavish Aggarwal (currently CEO) and Ankit Bhati. By 2014, the company has expanded to a network of more than 18000 cars across more than 65 cities. In November 2014, Ola expanded to incorporate autos on-trial basis in Bengaluru.[2] Post the trial phase, Ola Auto expanded to other cities like Delhi, Pune and Chennai starting December 2014. ( source : wikipedia.org)

Their Application design is very poor and their development server is weakly configured. The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. Its obvious that we wont be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might be having a security team of their own. Not that good it seems 😉 .

As proof, the hacker has also posted snapshots of the database query that includes a lot of names that appear to be related to Ola.ola 3

Ola 2

Ola 1

Just few days back, Times Internet’s Gaana was also hacked. 

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.