If you are a frequent user of Olacabs, there is a good chance that your personal information has been compromised. A hacker group that goes by the name "Team Unknown" announced on Reddit that it had managed to get its hands on some highly confidential information on Olacabs users, including their credit cards, transactions and unused voucher codes. The hack should not worry the users as the people behind this have assured that they do not plan on exploiting any information, but simply wish to send out a message to OLA about the lax security of their mobile application.
According to Team Unknown's post on Reddit, getting into the Olacabs' database was "little tricky and involved many steps", but the end result was equivalent to winning a lottery. Confidential details such as credit card transaction history and unused voucher codes were exposed. Just to prove their claim, Team Unknown posted screenshots of the hacked Olacabs database.
The screenshots posted by Team Unknowns reveal list of users and employees' email addresses along with their phone numbers. But the final screenshot is of major concern as it depicts MySQL codes that are capable of pulling up any information from Ola database, TRAK reported.
The motive behind the hack wasn't to take advantage of users' financial information but to demonstrate how weak Olacabs security is through mobile application. The hackers said the app design is "very poor" and the development server is "weakly configured." The group notified Olacabs about the hack, but hasn't heard anything from the security team.
Concluding the post, TeamUnknown mocked Ola and said, "I am sure OLA might be having a security team of their own. Not that good it seems ;)"
On the other hand, Olacabs denied any security lapse or breach on its servers.
"The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes," Ola said in a statement to Indian Express.
"We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola," the taxi provider added.