Incident

Indian bike-taxi aggregator Rapido leaks user, driver data



An Indian security researcher has discovered a security vulnerability in Rapido, an Indian bike-taxi aggregator platform.

The bug was found in a feedback form on the company's website that collects information from auto-rickshaw users and drivers. The vulnerability was discovered in an API that connects Rapido's feedback form to a third-party service.

The leak exposed the records of over 1,800 feedback forms and affects users and drivers across India. Exposed data includes:

  • Full names
  • Email addresses
  • Phone numbers
  • Feedback form contents
  • Driver contact information

The security flaw could potentially enable malicious actors to export the data, sell it on dark web marketplaces, and perform large-scale social engineering attacks.

Following responsible disclosure, Rapido closed public access to the exposed form.

The company acknowledges that the survey links had reached "unintended users from the public", but claims the exposed phone numbers and email addresses are "non-personal" in nature.
