Ola Cabs hacked by TeamUnknown; Credit Card data likely compromised

0
19

ola_cabs_logo

Among the fastest growing taxi hiring firms, Ola Cabs, the Indian Uber, based out of Mumbai providing Taxi booking facility through their app, website or through calls was recently exploited by TeamUnknown. Credit card details, previous user transaction history, and unused vouchers are likely compromised though not yet made its way to the public.

Recently we’ve seen Gaana.com has been hacked by a Pakistani hacker whom was taken into the team ( hired by Times’ CEO) and now Ola cabs hacked.

Claiming Ola to have a poor application design, and a weakly configured server, TeamUnknown posted to Reddit today 3 screenshots showing some of the data, table structures, and the SQL server’s hostname.

The passwords were hashed with the MD5 algorithm, which is probably not a very good idea to use given the computing prowess available today; while the database on the whole followed the relational database model. Some of the leaked data

f7qr5EN

NwE5p0R

It should be taken note however that this was the Development server of Ola. So, we can expect that they hopefully just had dummy data there, thus not causing much harm.

The main server is likely to be hosted someplace elsewhere secure, like the Amazon AWS which is much more difficult to break in. TeamUnknown has dropped by a mail to the Ola Team, but haven’t received a response yet. Ola being in denial is not a surprise move, since the exploited server being a development server with likely dummy data; and with Credit Card info, previous user transactions and even a ‘users_signatures’ table, we really hope it was all just dummy data!

UpdateOla Cabs released a statement – There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.