New Delhi: Online taxi hailing service Ola’s website was today hacked with attackers claiming to have accessed user information like credit card details, a claim that the firm vehemently denied, saying there was no security lapse and only “dummy” user values had been compromised.
The unknown hackers, who called themselves ‘TeamUnknown’, put out a webpost under the head “OLACABS.COM Hacked..!!” and said Ola’s “application design is very poor” and they had been able to access “user details along with credit card transaction history and unused vouchers”.
It was not clear if Ola’s mobile app was compromised or the attack was restricted to the website, with neither the hackers nor the company providing any details. The company, in an emailed response, said: “There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environmentwhen exposed for one of our test runs”.
“The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. Security and privacy of customer data is paramount to us at Ola,” it added.
In the post on Reddit, the attackers said the “hack was a little tricky” and “once we got to the database it was like winning a lottery. Its obvious that we wont be using credit card details and voucher codes”.
The post also had three screenshots of the database, including the one that features e-mail IDs of Ola employees and voucher codes. They added that they had reached out to Ola but had not received any response.
Ola (formerly Olacabs) was founded in January 2011 by IIT Bombay alumni Bhavish Aggarwal and Ankit Bhati. Users across 100 cities can book over 150,000 vehicles, including auto-rickshaws in Bangalore, Delhi, Chennai, Pune, Ahmedabad, Hyderabad and Kaali-Peeli taxis in Mumbai.
The Softbank-backed firm recently acquired TaxiForSure, India’s second largest cab aggregator, which continues to operate as an independent brand.