Ola Cabs has rejected claims of its service being hacked and that users profile and credit card details were compromised. Ola said that there was no security lapse, stressing security and privacy of its customer data was “paramount”.
In a statement, Ola said: "There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola."
Earlier, an anonymous hacker group has claimed that it has hacked Ola Cabs and accessed its Ola Cabs' user database. The group claims that the main purpose of the hack was to expose the vulnerabilities of the company's security system. The hacker group called TeamUnknown has posted on Reddit that hacking the website was like "winning a lottery." The group also claims that it has sent an email to Ola Cabs to show the weakness, but has got no response from the company as yet. The hacked has posted three screenshots of the data base which allegedly belongs to Ola Cabs. The first screenshot allows hackers accessed the email ids of various employees and users, phone numbers and named. the second screenshot shows access to all major tables inside the database including user details, preferences as well as transaction history. The third screenshot shows MySQL codes can be used to retrieve any information about users from Ola's database.
The hackers announced on Reddit, “Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet..” Lastly, their announcement said, “I am sure OLA might be having a security team of their own. Not that good it seems ;) “
Earlier this year, Shubham Paramhans, a tech enthusiast had hacked Ola Wallet. In his blog, he had said, “Breaching Ola was one of the easiest kind of hacks possible, and a part of me is disagreeing with the part that describes it as a hack.” A month after the hack, Ola's security team has thanked him for bringing the flaws to the company's notice and had claimed that it had corrected the issue.
Last month, a Pakistani hacker group had hacked Gaana.com to expose the vulnerabilities in the portal. 'Mak Man' had announced his exploit via his Facebook page and had also uploaded the database containing critical details of more than 10 million Gaana.com users including their email addresses, passwords, DOB as well as their Facebook and Twitter profile details. The hacker had stated that the user data was not copied or downloaded, but was used to expose the vulnerabilities of the website, which were later patched by the company.