A hacker group by the name Team Unknown has claimed that they successfully hacked into OlaCabs and managed to get access to sensitive information like credit-card history, vouchers, user behaviour. Ola has denied these claims.
According to the post, which was shared on Reddit, the hackers put out snapshots which showcased credit cards and voucher codes, and claimed that OlaCabs’ “application design is very poor and their development server is weakly configured” which is what made the hack successful.
The post says. “The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet.”
The hackers said they had not intention of misusing the credit card or voucher codes and had even emailed OlaCabs but had got no response from them.
Meanwhile Ola has replied to the claims of the hacker and said that “there has been no security lapse, whatsoever to any user data.”
According to Ola, “The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes.”
“We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola, ” the company added.
While Ola says that this is just a staging environment, the snapshots have revealed sensitive information like what database OlaCabs is using (in their case MySql), and given that this was accessed is still a security concern for the app and portal.