Among the fastest growing taxi hiring firms, Ola Cabs, the Indian Uber, based out of Mumbai providing Taxi booking facility through their app, website or through calls was recently exploited by TeamUnknown. Credit card details, previous user transaction history, and unused vouchers are likely compromised though not yet made its way to the public.
Recently we’ve seen Gaana.com has been hacked by a Pakistani hacker whom was taken into the team ( hired by Times’ CEO) and now Ola cabs hacked.
Claiming Ola to have a poor application design, and a weakly configured server, TeamUnknown posted to Reddit today 3 screenshots showing some of the data, table structures, and the SQL server’s hostname.
The passwords were hashed with the MD5 algorithm, which is probably not a very good idea to use given the computing prowess available today; while the database on the whole followed the relational database model.
Update: Ola Cabs released a statement – There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.