Ride-hailing platform Rapido recently addressed a security vulnerability that exposed the personal information of its users and drivers. A security researcher discovered that a feedback form on the platform was revealing full names, email addresses, and phone numbers through a publicly accessible portal.
The vulnerability stemmed from an API that transmitted feedback to a third-party service. This allowed unauthorized access to sensitive data, potentially putting users and drivers at risk of scams and targeted attacks.
It is estimated that around 1,800 responses, including email addresses and phone numbers, were exposed through the portal.
Rapido acted quickly to rectify the situation by securing the portal and preventing further unauthorized access. The company acknowledged the issue and stated that while the feedback process was managed by external parties, it was taking steps to ensure the security of user data.
This incident serves as a reminder of the importance of data security and the need for companies to remain vigilant in protecting user information.