Taxi hailing app Olacabs has been reportedly hacked by a hacker group called ‘TeamUnknown’. The hacker group has posted the database structure of Olacabs on Reddit which show results of database query that includes a lot of names that appear to be related to Olacabs. The hacker added to the post that the hack was ‘a little tricky and involved many steps to get to the database.
According to the group, their goal was to merely expose OlaCab’s weak security and have reportedly said that they have no intention to use the data obtained, which includes credit card information, unused vouchers and the user database.
Their Application design is very poor and their development server is weakly configured. The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. Its obvious that we wont be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might be having a security team of their own. Not that good it seems
Towards the end of the post, TeamUnknown claimed that they will not be using or exploiting credit card details and voucher codes and mocked Olacabs’s security team as ‘not that good it seems’.
Some of the snapshots included by TeamUnknown are posted below:
A fact to be noted is that this isn’t OlaCabs’ first ‘publicly out’ breach. Its previous system ‘hack’ came to surface in March 2015, two months after Shubham Paramhans noticed the glitch and several attempts to bring the OlaCab’s IT security team to fix the same. After waiting for more than sixty days, it wasn’t fixed and Shubham was forced to expose the same.
An official statement from Ola Cabs on 8th June 2015 reads the following:
There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.