Rapido has rectified a significant security vulnerability that revealed sensitive information about its users and drivers. A recent report indicated that a feedback form intended for Rapido’s clientele was inadvertently exposing personal details, including full names, email addresses, and phone numbers. This flaw was identified by a security researcher who discovered the problematic portal.
Rapido Secures Vulnerable Portal Following Discovery by Security Researcher
According to a report from TechCrunch, security researcher Renganathan P uncovered a flaw associated with a feedback collection website for Rapido drivers and users. The issue stemmed from an application programming interface (API) that managed the transmission of user feedback to an external service.
The exposed portal disclosed the personal data of both users and drivers, allowing access to the email addresses, phone numbers, and names used during feedback submissions. The report highlighted that approximately 1,800 entries containing this personal information were vulnerable.
TechCrunch confirmed the data exposure by submitting data through the same feedback form, affirming that the portal’s user information was indeed visible. Following this discovery, Rapido promptly addressed the security issue by restricting access to the portal, rendering it private.
Rapido’s CEO, Aravind Sanka, stated, “While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public,” emphasizing the urgency of addressing the situation to protect user privacy.