Ola, one of India's elite startups and a fast-growing cabs aggregator, has denied a claim by hackers that they had breached its site and could access user data including credit card history and voucher codes. A group of anonymous hackers had made the claim, including screenshots, on a Reddit thread on Sunday.
"The hack was a little tricky and involved many steps to get to the database. Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet. Its obvious that we wont be using credit card details and voucher codes. We dropped them a mail but no response from their side as of now," a user named TeamUnknown posted on Reddit on Sunday.
In March 2015, a hacker posted details on how he was able to recharge his wallet multiple times with the same order ID using Ola’s API.
Ola said in a response that the current claim was false and there had been no security lapse. The company said the screenshots appear to have been from a "staging environment", a process that mirrors the actual production environment. Developers use the staging environment to test their code.
There has been no security lapse, whatsoever to any user data. The alleged hack seems to have been performed on a staging environment when exposed for one of our test runs. The staging environment is on a completely different network compared to our production environment, and only has dummy user values exclusively used for internal testing purposes. We confirm that there has been no attempt by the hackers to reach out to us in this regard. Security and privacy of customer data is paramount to us at Ola.
Founded in 2010, Ola has raised over $600 million in funding over six rounds. Their last round of funding led by SoftBank raised $400 million at a valuation of $2.5 billion on April this year. It is caught in a fierce race for marketshare with the global app-aggregating giant, Uber.