wordpress blog stats
Connect with us

Hi, what are you looking for?

Ola claims hack was on staging environment, no user data exposed


In response to MediaNama’s query regarding a claim that Ola, a cab and auto booking service, had been hacked, the company said that the alleged hack was on a staging environment, exposed for a test run, and not its main site. The full statement:

There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.”

A Reddit user called ‘TeamUnknown’ had posted a claim it had all the user details along with credit card transaction history and unused vouchers. The claim:


“Their (Ola’s) Application design is very poor and their development server is weakly configured. The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. Its obvious that we wont be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might be having a security team of their own. Not that good it seems 😉

View post on imgur.com

View post on imgur.com


Advertisement. Scroll to continue reading.

Reddit users pointed out that Ola was using MD5 to hash passwords and relational databases. Read this on why MD5 is not a strong encryption for passwords.

It’s important to note that while Ola might claim that this was on a staging environment, the screenshots do appear to have user data.

Update: Ola says it was dummy user data

Ola’s previous wallet exposure

Advertisement. Scroll to continue reading.

In March this year, Medium user Shubham Paramhans had pointed out vulnerabilities in the Ola wallet. Paramhans said that while booking a cab, he saw OLA API calls going through his phone. On tweaking the APIs, Paramhans was able to break into Ola’s money transaction system, allowing him to recharge his Ola wallet with any amount.

Readers would like to note that Ola does not use the HTTPS, a security protocol used for adding SSL/TLS security over the HTTP protocol, ultimately to protect data exchanged.

Previous Ola developments:

– In April, Ola (formerly Olacabs) raised $400 million in a Series E round of funding led by DST Global with participation from GIC, Falcon Edge Capital and existing investors SoftBank Group, Tiger Global, Steadview Capital and Accel Partners US. In the same month, Ola raised $315 million funding led by DST Global, with participation from existing investors Tiger Global, Accel Partners and Steadview Capital.

– In March, Ola had appended its load screen image, which was used without permission from a Flickr user based in the US. The company later provided credits to the user Praveen PN after he posted it on Twitter.

– In the same month, Ola launched a food delivery service called OlaCafe for users to order food from nearby using the Ola app. The company claimed a delivery time of 20 minutes.

Advertisement. Scroll to continue reading.

– It introduced cashless payments for rides on autorickshaws and kaali peeli taxis through their in-app wallet Ola Money across Hyderabad, Chennai, Pune, Ahmedabad, Delhi, Bangalore and Mumbai. Ola had mentioned then that over 40,000 autorickshaws and kaali-peeli taxis had been registered across India on its mobile application.

– In January, two of SoftBank funded cab booking services Ola and South East Asia-based GrabTaxi were in talks for a global taxi alliance to take on rival Uber. This alliance would include knowledge sharing and possibly cross-booking i.e. you could book a GrabTaxi cab from GrabTaxi using Ola’s mobile app and vice versa.

– Ola was reportedly foraying into grocery delivery as a business after it put up an advertisement on BabaJobs where they are looking to hire delivery executives in the Brookefields, Marathahalli, Koramangala and Channasandra areas of Bangalore.

– In February, Ola acquired its Bangalore-based rival TaxiForSure for $200 million in a cash and equity deal. Following the acquisition, Ola and TaxiForSure were expected to continue operations independently while TaxiForSure’s investors were expected to roll over their stock into Ola.

Advertisement. Scroll to continue reading.
Written By

I'm a MediaNama alumna from 2015-16 (remember TinyOwl?) now back to cover e-services like food and grocery delivery, app based transport and policies, platforms and media in India.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...


By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

You May Also Like


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ