Rapido Reportedly Fixes Security Flaw That Exposed User and Driver Information

Rapido recently fixed a security flaw that exposed personal information related to users and drivers on the ride-hailing platform, according to a report. A feedback form designed for Rapido users and drivers reportedly revealed their full names, email addresses, and phone numbers, via a portal that was discovered by a security researcher. The company acknowledged the issue and has secured the portal in order to prevent unauthorised access to user and driver data that could be used to target these users in scams.

Rapido Sets Exposed Portal Detected By Security Researcher to Private

TechCrunch reports that security researcher Renganathan P discovered a security flaw connected with a website that was used to collect feedback from both Rapido drivers and users. The issue was related to an application programming interface (API) that would transmit the feedback received from users to a third party service, according to the publication.

The affected portal was exposing personal information related to both Rapido users and drivers, according to the publication. This included users' email addresses, phone numbers, and the name they entered while submitting some feedback using the form.

According to the report, around 1,800 responses (including email addresses and phone numbers) were exposed via the portal. The publication states that it verified the data was able to verify the portal was revealing user data, by submitting some text using the same form.

Rapido quickly fixed the security flaw that let to the exposure of user and driver information, by setting the affected portal to private, according to the report. "While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public," Rapido CEO Aravind Sanka told the publication.