P.J.
0
Ola Cabs Accidentally Reveals Customer Data To Chennai Girl, And Doesn't Care
August 30, 2015
Chennai girl Swapnil Midha was in for a surprise when she suddenly started recieving SMSs from Ola soon after booking an Ola cab. They were, as she described "alpha-numeric with hashes and made no sense..
."SMSs came throughout the night
swapnil midha | facebook
"My phone beeped throughout the night. 1:06, 2:34, 2:37, 2:38, 4:05, 5:17. I couldn't get my head around why these were coming at these times." When she rang up the call centre, as a concerned consumer, they gave a perfunctory 'We'll look into it' sort of message. She didn't receive any other follow up. "no further communication from them, no update, no email, just more garbled messages."
And the garbled messages didn't stop - she wrote on Facebook that there had been an estimated "300 and 400 texts".
Ola senior management ignored her
effecthackingOla senior management refused to speak to her when call centre employees were clueless, asking the usual scripted questions. No, I did not make any bookings. No, I did not give my number to anybody else. No, nobody stole my phone to make a booking. No, I did not share my contact number with the 100 odd people whose bookings you are sending me!" Since Ola was clueless, Midha began looking into what these messages could be.
"It turned out, Ola was sending me confirmation messages when other customers made a booking, in BANGALORE!...Hidden within the hashes I found mobile numbers, names and addresses....Ola was sharing with me, personal details of their customers throughout the day and throughout the night.
"She summed up why this was madness in one line:
"It's lucky I'm not a psychopath roaming the streets of Bangalore, waiting to get my hands on people's personal information and knowing when they are home and when they are not, isn't it!"
Ola went on to ignore the problem, despite emails, messages on Twitter, Facebook, and hours spent calling and explaining the issue to their customer care team. " I tweeted them, I wrote to them on Facebook, I sent more emails, I tried to reason with more people at their call centre. In the end, I began calling the customers themselves to tell them I was receiving their booking and all of their private details. They were all shocked and promised to complain to Ola. I will never know if they really did.
"Ola even ignored threats that she would complain about them to authorities and the TRAI
"Nothing seemed to work which makes you think - do they even care about protecting customer information? If they are sending all this to me, who are they sending MY booking details to? Whose number is receiving all of my data? Which creepy criminal knows my full name, my mobile number, my door number, my account details, when I'm home and when I'm out?
"Currently, Midha has a potentially dangerous database of people's travel histories, when they leave their house and when they come home. Here's a screenshot of the kind of
This is the second time this year that Ola Cabs security has been compromised.
Hacker group Teamunknown, in a Reddit post, has claimed that it hacked the Ola servers and gained access to customer data including sensitive credit card information.
Here's what Ola said in a statement to Indiatimes:
“We have been trying to establish contact with the customer who reported this and have not been able to do so. There has been a manual error on the entry of a driver's device number on our system, which is deeply regretted. We have fixed this instance by deleting the number from our database and are putting in place a verification procedure as well to avoid such instances in the future. We value the privacy of our users and will continue to take utmost care in terms of data security on the Ola platform.”
http://www.indiatimes.com/news/indi...a-to-chennai-girl-and-doesnt-care-244697.html
August 30, 2015
Chennai girl Swapnil Midha was in for a surprise when she suddenly started recieving SMSs from Ola soon after booking an Ola cab. They were, as she described "alpha-numeric with hashes and made no sense..
."SMSs came throughout the night
swapnil midha | facebook
"My phone beeped throughout the night. 1:06, 2:34, 2:37, 2:38, 4:05, 5:17. I couldn't get my head around why these were coming at these times." When she rang up the call centre, as a concerned consumer, they gave a perfunctory 'We'll look into it' sort of message. She didn't receive any other follow up. "no further communication from them, no update, no email, just more garbled messages."
And the garbled messages didn't stop - she wrote on Facebook that there had been an estimated "300 and 400 texts".
Ola senior management ignored her
effecthackingOla senior management refused to speak to her when call centre employees were clueless, asking the usual scripted questions. No, I did not make any bookings. No, I did not give my number to anybody else. No, nobody stole my phone to make a booking. No, I did not share my contact number with the 100 odd people whose bookings you are sending me!" Since Ola was clueless, Midha began looking into what these messages could be.
"It turned out, Ola was sending me confirmation messages when other customers made a booking, in BANGALORE!...Hidden within the hashes I found mobile numbers, names and addresses....Ola was sharing with me, personal details of their customers throughout the day and throughout the night.
"She summed up why this was madness in one line:
"It's lucky I'm not a psychopath roaming the streets of Bangalore, waiting to get my hands on people's personal information and knowing when they are home and when they are not, isn't it!"
Ola went on to ignore the problem, despite emails, messages on Twitter, Facebook, and hours spent calling and explaining the issue to their customer care team. " I tweeted them, I wrote to them on Facebook, I sent more emails, I tried to reason with more people at their call centre. In the end, I began calling the customers themselves to tell them I was receiving their booking and all of their private details. They were all shocked and promised to complain to Ola. I will never know if they really did.
"Ola even ignored threats that she would complain about them to authorities and the TRAI
"Nothing seemed to work which makes you think - do they even care about protecting customer information? If they are sending all this to me, who are they sending MY booking details to? Whose number is receiving all of my data? Which creepy criminal knows my full name, my mobile number, my door number, my account details, when I'm home and when I'm out?
"Currently, Midha has a potentially dangerous database of people's travel histories, when they leave their house and when they come home. Here's a screenshot of the kind of
Hacker group Teamunknown, in a Reddit post, has claimed that it hacked the Ola servers and gained access to customer data including sensitive credit card information.
Here's what Ola said in a statement to Indiatimes:
“We have been trying to establish contact with the customer who reported this and have not been able to do so. There has been a manual error on the entry of a driver's device number on our system, which is deeply regretted. We have fixed this instance by deleting the number from our database and are putting in place a verification procedure as well to avoid such instances in the future. We value the privacy of our users and will continue to take utmost care in terms of data security on the Ola platform.”
http://www.indiatimes.com/news/indi...a-to-chennai-girl-and-doesnt-care-244697.html
