A hacker group which calls themselves as TeamUnknown has claimed on Reddit that they have hacked into OlaCabs data base, and have access to information like user details, credit card transaction history and unused vouchers.
Update: Ola sent a statement to iamWire, “”There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.”
They announced that, “Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet.” TeamUnknown dropped a mail to OlaCabs to show them weakness in their system, but has received no response from their side as of now.
The hacker group also posted 3 screenshots that allegedly belongs to OlaCabs. The first screenshots shows the email ids, phone numbers and names of the various users and employees.
In second screenshots, they shown that they can access all major tables inside the database like user preferences, credit cards details and transaction history. The third screenshots represents MYSQL codes that can be used to retrieve any information from the company’s database.
TeamUnknown also mentioned on Reddit that, ”Its obvious that we wont be using credit card details and voucher codes.” If it’s true then this will prove to be like the Times Internet Limited owned Gaana.com hack in May end, where hackers carried out the hack to show the security fault only, and didn’t disclose the details of the users.
Last month, a tech enthusiast hacked Ola Wallet and shared how he hacked it. Also, he collected huge amount of free recharge and had said that,” Breaching Ola was one of the easiest kind of hacks possible, and a part of me is disagreeing with the part that describes it as a hack.” After a month later, Ola’s security team corrected the issue and also thanked him for bringing out this flaws. Will lack of a secure system become a reason for the failure of fast moving technology companies in India? We’ll keep you updated with developments in this matter.