A portal for feedback reportedly exposed around 1,800 responses from Rapido users and drivers that included some personal information.
Photo Credit: Pexels/ Sora Shimazaki
Rapido recently fixed a security flaw that exposed personal information related to users and drivers on the ride-hailing platform, according to a report. A feedback form designed for Rapido users and drivers reportedly revealed their full names, email addresses, and phone numbers, via a portal that was discovered by a security researcher. The company acknowledged the issue and has secured the portal in order to prevent unauthorised access to user and driver data that could be used to target these users in scams.
TechCrunch reports that security researcher Renganathan P discovered a security flaw connected with a website that was used to collect feedback from both Rapido drivers and users. The issue was related to an application programming interface (API) that would transmit the feedback received from users to a third party service, according to the publication.
The affected portal was exposing personal information related to both Rapido users and drivers, according to the publication. This included users' email addresses, phone numbers, and the name they entered while submitting some feedback using the form.
According to the report, around 1,800 responses (including email addresses and phone numbers) were exposed via the portal. The publication states that it verified the data was able to verify the portal was revealing user data, by submitting some text using the same form.
Rapido quickly fixed the security flaw that let to the exposure of user and driver information, by setting the affected portal to private, according to the report. "While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public," Rapido CEO Aravind Sanka told the publication.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.