A security researcher discovered a vulnerability in an auto-rickshaw service feedback collection form used by the Indian ride-hailing platform, exposing sensitive personal information of its users and drivers. The data leak, verified by submitting a generic message through the form, included full names, email addresses, and phone numbers. After receiving reports, the company's CEO confirmed the issue and made the portal private, potentially preventing scams or data selling on the dark web.
Auto-Rickshaw Service Feedback Form Vulnerability Exposes Sensitive User Data
Background Auto-rickshaws are a common and affordable mode of transportation in India. Ride-hailing platforms have made it easier to book and track auto-rickshaws, but these services also collect user data to improve their operations.
Vulnerability Discovery Recently, a security researcher discovered a vulnerability in the feedback collection form used by a popular Indian ride-hailing platform. The form was accessible to anyone with an internet connection and allowed users to submit feedback without any authentication or validation.
Data Exposure By submitting a generic message through the form, the researcher was able to access sensitive personal information of users and drivers, including:
Company Response After receiving reports about the vulnerability, the platform's CEO confirmed the issue and immediately made the feedback portal private. This action potentially prevented scammers or malicious actors from exploiting the data or selling it on the dark web.
Top 5 FAQs
1. What caused the vulnerability? The vulnerability was caused by a lack of authentication and validation in the feedback collection form, allowing anyone to submit data without any checks.
2. What kind of data was exposed? The exposed data included full names, email addresses, and phone numbers of users and drivers.
3. Who was affected by the vulnerability? Anyone who submitted feedback through the form was potentially affected by the vulnerability.
4. What measures were taken to address the issue? The platform's CEO confirmed the issue and immediately made the feedback portal private, potentially preventing further data exposure.
5. Are there any ongoing investigations into the incident? There is no information available regarding ongoing investigations into the incident.
In order to stay competitive with AI-focused rivals like OpenAI, Google CEO Sundar Pichai announces a reduction in Google's managerial workforce during an internal meeting. The decision is part of the company's overall restructuring efforts, with some roles being transitioned to individual contributors and others being eliminated. Pichai also addresses the need to update Google's culture and values to align with modern challenges. The use of AI in consumer products from companies like Google and OpenAI is on the rise, despite concerns about the lack of guardrails in developing this technology.
Cyber Monday weekend continues to bring amazing deals, including the lowest price ever for the Apple Airpods Pro 2 at just $154 only at Walmart. Echelon's original Peloton competitor, the connected bike, is also on sale at a stunningly low price of just $497, making it a great alternative for those on a budget. And for fitness enthusiasts, the best adjustable dumbbells are also available for a heavily discounted price at AliExpress, beating other retailers by over $100. Don't miss out on these incredible tech deals for Cyber Monday!
Are you tired of running the lengthy tex auto-discovery process every time you use Lyx for document processing? Look no further! This innovative Docker image description consisting of Texlive and Lyx will save you time and resources by allowing you to run Lyx in batch mode and re-tag the image after building, thus preventing the auto-discovery process. With improved efficiency and convenience, this solution is perfect for all your document processing needs.
Vim-Lyx-Layout is a syntax highlighter for vim that is specifically designed to make the development of LyX modules and layout files more user-friendly. Developed by a LyX enthusiast, the tool aims to simplify the process of writing documents in LyX by providing wrappers around TeX/LaTeX classes. It is currently a work-in-progress but users can start using it now and provide feedback for future improvements. The developer also invites users to submit patches and follow the git-flow model for collaboration.
Discover the limitless possibilities of Create mod with the newest add-on, Create: Let The Adventure Begin. This innovative extension brings naturally generating structures and new mod features to enhance your exploration and gameplay. Get ready for an exciting adventure as you explore and learn about the power of sails and windmill bearings with the help of rare structures like the windmill. Don't miss out on this opportunity to elevate your Create mod experience.
The X200 Pro, featuring a powerful telephoto lens and high-quality sensor, is Vivo's latest addition to its X-series lineup. Priced at Rs 94,999, this phone promises to deliver crisp and natural shots that are comparable to DSLR photography. With its impressive performance and innovative features, the X200 Pro sets a new standard for smartphone cameras.
Ola Electric is poised to significantly increase its presence with the expansion of its sales and service network to 4000 stores on December 25th. This move will bring their affordable and top-notch electric vehicles within reach to Indians across major cities and towns. With the aim to provide accessibility to all, Ola Electric's founder Bhavish Aggarwal vows to have a store and service centre in every town, city, tehsil, and taluka. This expansion will also help address customer servicing issues and further promote the usage of EVs by highlighting the cost-saving benefits of up to Rs 4,000 per month.
RWA Inc, a leader in Real World Asset tokenization, is expanding its ecosystem with the development of a L2 blockchain and DEX. This initiative aims to create an end-to-end ecosystem specifically for RWA and DePIN projects, providing scalable and secure solutions at minimal cost. Additionally, RWA Inc plans to launch a chain-agnostic Security Marketplace in 2025, offering users a central hub to buy, sell, and manage tokenized assets and expand the vision of a global investment opportunity.
The text belongs to the Entertainment category. Title: Bigg Boss 18: Vivian Dsena breaks alliance with Shilpa Shirodkar In the latest episode of Bigg Boss 18, the alliances within the house are crumbling as tensions rise. Vivian Dsena surprised everyone by nominating his close friend Shilpa Shirodkar this week. She expresses her disappointment over his decision and says she will no longer speak to him. Later, she tells her other friends that Vivian had formed a negative perception of her and her explanations would not change that. The rift in their friendship began after Vivian's wife's feedback during Weekend Ka Vaar, where he questioned Shilpa's loyalty towards him.