Leading Uber competitor leaks user and driver data online.
Rapido was exposing an online feedback file, which put both users and drivers at risk.
A significant security issue has been discovered in Rapido, a well-known transportation platform in India. A cybersecurity researcher revealed that a bug in one of its application programming interfaces (APIs) was exposing sensitive information from users and drivers. The flaw was identified in a form on the website intended to collect feedback from users of auto-rickshaws, three-wheeled vehicles widely used in India and other Asian countries.
Users who submitted feedback had their personal information, such as full names, email addresses, and phone numbers, exposed publicly. A report added that the database contained over 1,800 survey responses, with a considerable number of drivers' phone numbers and a smaller number of email addresses. The researcher warned that this situation could have facilitated social engineering scams, and that the data could have ended up on the dark web if it had fallen into the wrong hands.
After the leak was reported, Rapido took swift action to secure the database and prevent unauthorized access. It is unclear whether malicious actors had previously accessed this information or whether any of the available data had been abused. The company's statements mentioned the collected information, which is fundamental to carrying out phishing scams and identity theft.
Aravind Sanka, CEO of Rapido, said that the company was in the process of gathering valuable feedback from its community to improve its services, although he acknowledged that the survey links had reached unintended members of the public. Sanka also pointed out that the collected phone numbers and email addresses were of a "non-personal" nature.