Lapse of IT security, breach(es) and OlaCabs’ statement

The Logical Indian

June 8th, 2015

OlaCabs is an online cab aggregator based out of Mumbai and among the fastest growing taxi hiring firms. Taxi booking facility can be availed through app, website or through calls.

It was founded on 3 December 2010 by Bhavish Aggarwal (currently CEO) and Ankit Bhati. By 2014, the company has expanded to a network of more than 18000 cars across more than 65 cities. In November 2014, Ola expanded to incorporate autos on-trial basis in Bengaluru. Post the trial phase, Ola Auto expanded to other cities like Delhi, Pune and Chennai starting December 2014.

OlaCab’s system has allegedly been hacked by a hacker group called ‘TeamUnknown’. They posted it on Reddit after their audacious success in the same and claimed it to be like ‘winning a lottery’. According to the group, their goal was to merely expose OlaCab’s weak security and have reportedly said that they have no intention to use the data obtained, which includes credit card information, unused vouchers and the user database.

Their Application design is very poor and their development server is weakly configured. The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. Its obvious that we wont be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might be having a security team of their own. Not that good it seems 😉

The above was posted on the Reddit by TeamUnknown with the following screenshots:OlaCabs Screen 1

Ola Cabs Screen 3

Ola Cabs Sreen 2

The screenshots suggest that the hackers have access to email IDs of various employees along with their phone numbers, and can execute MySQL queries that can retrieve any information from OlaCabs database.

A fact to be noted is that this isn’t OlaCabs’ first ‘publicly out’ breach. Its previous system ‘hack’ came to surface in March 2015, two months after Shubham Paramhans noticed the glitch and several attempts to bring the OlaCab’s IT security team to fix the same. After waiting for more than sixty days, it wasn’t fixed and Shubham was forced to expose the same.

An official statement from the company on 8th June 2015 reads the following:

There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.

Share your thoughts..

Art Has The Power To Transform Lives

Related Stories

Narendra Modi App Shares Users’ Personal Data With US Firm, Discreetly Changed Privacy Policy After Allegations Of Breach

Cyber Security & What A Digital User Can Do To Have A Safer Experience

Report Says You Can Access Billion Aadhaar Details With Just Rs 500, UIDAI Denies Breach

Citing Privacy, France Asks WhatsApp To Stop Sharing Data With Facebook

Uber

Uber Paid Hackers $100,000 To Cover Up Data Breach Of Over 5 Crore Passengers And Drivers

Misuse Of Aadhaar Biometrics Data

First Known Misuse Of Aadhaar Biometrics Data Reported, Probe Initiated Against 3 Firms

Latest on The Logical Indian

Environment

Kerala: This Bank Goes Beyond Its Duties And Helps 800 Villagers Learn Organic Farming

My Social Responsibility

Using Farming This Man Is Grooming IAS, IPS And Other Jobs Aspirants To Serve The Society More Efficiently

Legal

Seven Opposition Parties Move Impeachment Motion Against CJI; Submit Petition To Vice President With 71 Signatures

News

Gujarat HC Acquits Maya Kodnani From Naroda Patiya Case, Worst Massacre Of 2002 Gujarat Riots

Get Inspired

Manipuri Man Missing For 40 Years Reunites With Family Thanks To YouTube

World Affairs

Pilot Safely Lands Plane After Mid-Air Engine Blast, Saves Lives Of 143 Passengers