Hackers have found the SQLinjection vulnerability on the Ola Cabs app and they have exploited the vulnerability to gain the database access. Hackers have posted screenshot image of the accessed database which confirms the hack.
On Reddit hackers wrote -
Their Application design is very poor and their development server is weakly configured. The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. Its obvious that we wont be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now. You can see the snapshots in the links given below. I am sure OLA might be having a security team of their own. Not that good it seems ;) .Below is the screenshot posted by the hackers which claims that they have accessed the Ola Cabs database.
This is not the first time that Ola service have been hacked, earlier also hackers have hacked Ola, but unfortunately this time hackers have gained access to the service database and also got access to credit card details and transaction history and un-used vouchers- hackers claim.
Hackers "TeamUnknown" have mentioned that they have contacted the Ola Cab team and notified about the vulnerability, but company didn't response. For POC they have also posted a image showing there reporting.
Unfortunately we have got different response from the Ola Cab side, as in the official statement company denies of the data breach.
They says -
There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.Just a couple of weeks ago, same type of breach we have notify. Hacker from Pakistan "MakMan" have hacked the India popular music streaming service "Gaana.com" and access to the users database.