Ola Cabs hacked; credit card transaction details and voucher codes exposed

One of India’s most talked-about startups and cab aggregators, Ola Cabs, has been hacked. Writing about the hack on Reddit, a group called TeamUnknown said that it was able to access user details along with credit card transaction history and unused vouchers. Team Unknown said that getting access to the database was like winning a lottery.

Said Team Unknown, “Their application design is very poor and their development server is weakly configured. The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. It’s obvious that we won’t be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might be having a security team of their own. Not that good it seems ;)”

Screenshots are available at these links:

http://imgur.com/Ezy9tBu

http://imgur.com/f7qr5EN

http://imgur.com/NwE5p0R

Unlike Gaana.com, which owned up to the lapse [See Gaana.com hacked using SQL injection vulnerability; details of more than 10 million registered users exposed], Ola said that there was no security lapse.

A statement from the company said, “There has been no security lapse whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.”

Team Unknown scoffed at the claim that there had been no attempt to reach out, releasing a screenshot showing that the hackers had contacted Ola Cabs back on June 2.

Mail sent to Ola Cabs
