Indian car rental major Olacabs has been reportedly hacked by a hacker group named TeamUnknown. The group on a popular content-sharing site Reddit claimed that they had managed to get access to the user details like credit card information, transaction history, and unused vouchers.
The anonymous group in a post says, Their Application design is very poor, and their development server is weakly configured. The hack was a little tricky and involved many steps in getting to the database. Once we got to the database, it was like winning a lottery. It had all the user details, credit card transaction history, and unused vouchers. The voucher codes are not even out yet.
It’s obvious that we won’t be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might have a security team of their own. Not that good, it seems ;).”
As proof, TeamUnknown shared a screenshot of the acquired database. The group also claimed they had contacted Ola but have not received any response from the company. In a Twitter post, Ola has denied any kind of security breach of its server and assures user data is safe and secure.
Here is the statement from Ola about the security breach of its website, “There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data are paramount to us at Ola.”
Security & privacy of customer data is paramount to us at Ola. We confirm that there’s been no attempt by the hackers to reach out to us(4/4)
Though the group claimed user data, new promotional codes claim that they don’t have any intention of misusing the credit card numbers or voucher codes.