Ola Cabs Hacked…Again! Credit Card, Transaction Details & Voucher Codes Out In The Open
[Updated: Statement from Ola Cabs]
A hacker group has announced on Reddit that they have hacked Ola Cabs database, and have access to critical information such as credit card details, transaction history and voucher codes (unused).
The hackers announced on Reddit, “Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet..”
Although this unknown hacker group has assured everyone that they won’t be using or saving any credit card details and unused voucher codes, there exist immense apprehensions after this announcement of hacking.
Calling themselves ‘Team Unknown’, this hacker group has posted three screenshots of the data base which allegedly belongs to Ola Cabs:
As we can see in the first screenshot, hackers have access to email ids of various employees and users, phone numbers and named. In the second screenshot, the hacker has shown that he can access all major tables inside the database such as user preferences, user details and transaction history. The third screenshot depicts MySQL codes which can retrieve any information he or she wants from Ola database.
‘Team Unknown’ has claimed that they have contacted Ola Management about this hack, but as of now, they have received no notifications from them.
Lastly, their announcement said, “I am sure OLA might be having a security team of their own. Not that good it seems ;) “
Last month, Gaana.com was hacked by a Pakistani hacker, but he decided to leave the users’ information, as his main goal was to expose the vulnerability of the portal. But such noble instances are not repeated every time.
In May this year, Shubham Paramhans, a tech enthusiast had shared how he hacked Ola Wallet, and collected huge amounts as free recharge. In his blog, he had said, “Breaching Ola was one of the easiest kind of hacks possible, and a part of me is disagreeing with the part that describes it as a hack.”
After a month of his ‘exploits’, the security team from Ola corrected the issue, and also thanked him for bringing out the flaws.
But the question is, will this recent hacking attempt will also end happily? Or we can assume that our crucial financial and personal information is now out in the dark markets of Internet, where they are sold and re-sold for spamming and other purposes?
We will keep you updated as more information comes in.
Here is a statement from Ola cabs in regards to this.
There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.
[Suggested Reading: Ola Ka Gola: Olacabs Billing Issues]
[Via]
[…] quite a risk: Ola is banned in Delhi, and High Court has asked for fresh license application; their database was hacked recently, and there has been no news about upgrading their security (Ola Store doesn’t seek […]
As seen the hostname is olacabs-dev.in.
Which means they did not get access to the DB on the Production(or live).
There would be better security permissions for the production of course..
“olacabs-dev.in”?
They hacked the Development environment? Did that have true production data? Just wondering…
These examples shows you that wallets like Paytm, Ola and others are not safe. First it was hack from pakistani guy and now from indian guy. Last time no data was touched. This time we don’t know if it was touched or not. In short, consumers should stop trusting wanna-be startups with wallets who say their backend is safe because its not.
They did not take the lesson from the hack in March.
It is the time for them to have External Code Audit.. to make sure all security loop holes are covered.. The best way to get good product out is external people challenge internal people.. provided management has guts to put it that way..