App-based taxi hailing service Ola has been allegedly hacked by a hacker group that goes by the name TeamUnknown. The group posted a message on Reddit claiming that they were able to access Ola’s database that had all user details including credit card transaction history and unused vouchers.
The group said that some of the voucher codes were not even out but stated that they won’t misuse the credit card numbers or voucher codes. They mentioned that they had informed Ola about the breach but the company did not respond to their mail.
TeamUnknown also posted three screenshots of the database including the one that features e-mail IDs of Ola employees and voucher codes.
Here’s the text of the original message posted by the group:
“Their Application design is very poor and their development server is weakly configured. The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. Its obvious that we wont be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might be having a security team of their own. Not that good it seems ;)”
Ola has denied that its database has been breached and has said that the hacker group has not contacted the company. It does admit that the test server, which is used internally, had been hacked. The user values were dummy characters and no customer information was compromised, as per the company.
Here’s the statement issued by Ola:
“There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.”
Source : Times Of India