Rapido, an Indian ride-hailing platform, has addressed a security vulnerability that exposed sensitive personal information of its users and drivers. According to reports, the flaw, discovered by security researcher Renganathan P, was linked to a feedback collection form used by Rapido for its auto-rickshaw services. The form had inadvertently exposed full names, email addresses, and phone numbers of individuals, according to details provided by the researcher and verified by the report.
The researcher explained that the exposed data came from one of Rapido’s APIs, which was used to collect and share feedback with a third-party service. The breach was verified by submitting a generic message through the form, which was soon visible in the exposed portal.
By Thursday, the portal had more than 1,800 responses, many of which included drivers’ phone numbers and some email addresses. The researcher warned that this leak could have led to scams, with potential for social engineering attacks or the data being sold on the dark web.
Following the inquiry, Rapido made the portal private. The company’s CEO, Aravind Sanka, reportedly confirmed the issue, stating that the survey links had inadvertently reached some unintended users.