Ola Cabs reportedly sending private user information to others

According to a Facebook post from an Ola Cabs user, the company sent her details of more than 300 other users in last three weeks

Published Date
31 - Aug - 2015
| Last Updated
31 - Aug - 2015
 
Ola Cabs reportedly sending private user information to others

In a fresh round of controversies relating Ola Cabs, Bangalore-based girl Swapnil Midha posted on Facebook that Ola has sent her details of more than 300 other users. However, the company has responded to her yesterday, claiming that the issue has been fixed. To look in more detail, here is what happened over the past three weeks.

According to her post, Midha booked a cab in Bangalore from Ola approximately three weeks ago, and since then, she started receiving texts from ‘VM-OLACAB’ containing information of other similar users. The information is in alphanumeric form with hashes, but the name, location, and contact number of users can easily be figured out. She mentioned that what’s more surprising for her is that Ola did not take any action despite being informed repeatedly. She claims that she has received more than 300 texts containing information of other users who have used the Ola Cabs app in the past three weeks. She has also posted a screenshot of the texts that she has received from Ola, containing the information. 

Ola Cabs Leaked Over 100 Customers' Personal Data To Me and They Don't CarePlease share if you live in Bangalore! In... Posted by Swapnil Midha on Saturday, August 29, 2015

In response to the issue, Ola Cabs has said, "“The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes.”

However, this is not the first instance when Ola has been a part of controversies related to its users’ data getting compromised. Previously, a hacker group ‘TeamUnknown’ posted on Reddit, detailing on how they hacked into Ola’s database, extracting credit card transaction history and list of unused vouchers. As mentioned by the hacker group, Ola has a poor application design and its servers are weakly configured. Additionally, the Delhi Government has yet again rejected its application for obtaining operational license.