User & Driver Data Leaked At Rapido, Glitch Fixed

SUMMARY

The personal data was exposed due to a flaw with a website form which collected feedback from Rapido rickshaw users and drivers

The issue was discovered by security researcher and ethical hacker Renganathan P

As of December 19, the open portal had more than 1,800 feedback responses, which included phone numbers and email addresses

Ride hailing unicorn Rapido leaked the personal information of its users and drivers due to a security issue with a feedback form.

The personal data was exposed due to a flaw with a website form which collected feedback from Rapido rickshaw users and drivers. The issue was discovered by security researcher and ethical hacker Renganathan P.

The development was first reported by TechCrunch. 

Rapido collected the user data via a third-party feedback form, which exposed the full names, email addresses, and phone numbers.

Renganathan told Inc42, “There was a form which was not hosted on the primary domain, which is rapido.bike, but on another domain which seems to be owned by Rapido. (It) contained the feedback form which disclosed names, phone numbers, few email IDs, and feedback messages, majority of which belong to auto drivers and a few customers.”

As of Thursday (December 19), the open portal had more than 1,800 feedback responses, which consisted of phone numbers of rickshaw drivers and comparatively fewer email addresses.

Renganathan said that when companies outsource work to external agencies, they need to pay extra attention to “secure coding and additional access control security”. He said that performing security assessment or hosting bug bounty programmes are suggested options.

“India has (a) lot of security professionals, I request startups to make use of such cyber experts…” he added.

Responding to Inc42's queries, a Rapido spokesperson said in a statement, “As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public.”

“We fixed the issue immediately and it is now resolved. As a fast-growing company in a highly dynamic market, we stay committed to full compliance of our data protection policy,” the spokesperson added. 

Founded in 2015 by Rishikesh SR, Pavan Guntupalli, and Aravind Sanka, Rapido primarily operates in the bike taxi and auto transportation segments. It also entered the cab services segment recently. 

The startup trimmed its loss by more than 45% to INR 370 Cr in the financial year 2023-24 (FY24) from INR 675 Cr in the previous year. Revenue zoomed 1.5X to INR 648.1 Cr from INR 443 Cr in FY23. 

The development comes at a time when a number of Indian startups and companies have been hit by data security troubles. Fintech SaaS startup Signzy was hit by a cyberattack in late November.

Prior to that, health insurer Star Health was caught in a data breach and the data of its customers was allegedly put up for sale on instant messaging app Telegram. The company said that the hacker, who leaked the personal data of its 3 Cr customers, demanded a ransom of $68,000 (INR 57 Lakh).

In September, payments and commerce platform DotPe also leaked data of its customers due to a “human error”.

Note: The headline and copy have been edited to add comments from Renganathan and Rapido.
