Ola claims hack was on staging environment, no user data exposed

In response to MediaNama’s query regarding a claim that Ola, a cab and auto booking service, had been hacked, the company said that the alleged hack was on a staging environment, exposed for a test run, and not its main site. The full statement:

“There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.”

A Reddit user called ‘TeamUnknown’ had posted a claim that it had all the user details along with credit card transaction history and unused vouchers. The claim:

 

“Their (Ola’s) Application design is very poor and their development server is weakly configured. The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. It’s obvious that we won’t be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might be having a security team of their own. Not that good it seems 😉


http://imgur.com/NwE5p0R”

Reddit users pointed out that Ola was using relational databases and hashing passwords with MD5. Read this on why MD5 is not a strong way to protect passwords.
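To illustrate the MD5 point above, here is an added example (not from the original article and not Ola's code) that puts a bare MD5 password record beside a salted scrypt record, and replaces a legacy MD5 record on the next successful login. The storage format, cost parameters and sample password are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def md5_hash(password: str) -> str:
    """Legacy scheme: a bare, unsalted MD5 hex digest."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_hash(password: str) -> str:
    """Salted, memory-hard hash stored as 'scrypt$<salt hex>$<digest hex>'."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> tuple[bool, str]:
    """Check a login and return (ok, record_to_store).

    A legacy MD5 record that verifies is re-hashed with scrypt, so the
    weak hash is replaced the next time the user logs in successfully.
    """
    if stored.startswith("scrypt$"):
        _, salt_hex, digest_hex = stored.split("$")
        candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                                   n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
        return hmac.compare_digest(candidate.hex(), digest_hex), stored
    # Anything without the scrypt prefix is treated as a legacy MD5 hex digest.
    if hmac.compare_digest(md5_hash(password), stored):
        return True, scrypt_hash(password)
    return False, stored


if __name__ == "__main__":
    # Constructed sample: two dummy accounts that share one password.
    a, b = md5_hash("winter2015"), md5_hash("winter2015")
    print("MD5 records identical:", a == b)
    print("scrypt records identical:",
          scrypt_hash("winter2015") == scrypt_hash("winter2015"))
    ok, upgraded = verify("winter2015", a)
    print("login ok:", ok, "| upgraded record:", upgraded[:24] + "...")
```

With unsalted MD5, every account that shares a password shares a stored value, so one recovered password applies to all of them; the per-user salt and deliberately expensive computation in scrypt remove both properties.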

It’s important to note that while Ola might claim that this was on a staging environment, the screenshots do appear to have user data.

Update: Ola says it was dummy user data

Ola’s previous wallet exposure

In March this year, Medium user Shubham Paramhans had pointed out vulnerabilities in the Ola wallet. Paramhans said that while booking a cab, he saw OLA API calls going through his phone. On tweaking the APIs, Paramhans was able to break into Ola’s money transaction system, allowing him to recharge his Ola wallet with any amount.

Readers should note that Ola does not use HTTPS, the protocol that adds SSL/TLS security over HTTP to protect the data exchanged.

Previous Ola developments:

– In April, Ola (formerly Olacabs) raised $400 million in a Series E round of funding led by DST Global with participation from GIC, Falcon Edge Capital and existing investors SoftBank Group, Tiger Global, Steadview Capital and Accel Partners US. In the same month, Ola raised $315 million funding led by DST Global, with participation from existing investors Tiger Global, Accel Partners and Steadview Capital.

– In March, Ola had appended its load screen image, which was used without permission from a Flickr user based in the US. The company later provided credits to the user Praveen PN after he posted it on Twitter.

– In the same month, Ola launched a food delivery service called OlaCafe for users to order food from nearby using the Ola app. The company claimed a delivery time of 20 minutes.

– It introduced cashless payments for rides on autorickshaws and kaali peeli taxis through their in-app wallet Ola Money across Hyderabad, Chennai, Pune, Ahmedabad, Delhi, Bangalore and Mumbai. Ola had mentioned then that over 40,000 autorickshaws and kaali-peeli taxis had been registered across India on its mobile application.

– In January, two of SoftBank funded cab booking services Ola and South East Asia-based GrabTaxi were in talks for a global taxi alliance to take on rival Uber. This alliance would include knowledge sharing and possibly cross-booking i.e. you could book a GrabTaxi cab from GrabTaxi using Ola’s mobile app and vice versa.

– Ola was reportedly foraying into grocery delivery as a business after it put up an advertisement on BabaJobs where they are looking to hire delivery executives in the Brookefields, Marathahalli, Koramangala and Channasandra areas of Bangalore.

– In February, Ola acquired its Bangalore-based rival TaxiForSure for $200 million in a cash and equity deal. Following the acquisition, Ola and TaxiForSure were expected to continue operations independently while TaxiForSure’s investors were expected to roll over their stock into Ola.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
