HackRead

Unsecure Server Exposed Private Data of Popular Ride-Hailing Service

November 14th, 2017 | Uzair Amir | Leaks, Privacy, Security

Ride-hailing apps are in vogue: countless startups, small and large, offer apps such as Uber and Lyft that access confidential personal information on a daily basis. Users of these apps must provide explicit personal details about their whereabouts and destinations, which is nothing out of the ordinary, as the service cannot be fulfilled without them. However, it is the company’s responsibility to safeguard users’ private information and keep it private; if it fails to do so, users will be in great danger.

That is what happened with Fasten, a Boston-based ride-hailing service provider. According to the findings of Kromtech Security Center researchers, a misconfigured Apache Hive database containing data of Fasten customers was open to public access. Fasten covers two key markets in the US, namely Austin, Texas and Boston, Massachusetts, and reportedly about 50% of Boston’s and 90% of Austin’s travelers use its service, primarily because the company offers comparatively lower rates than its competitors.

As per Kromtech Security, the misconfigured server was left unsecured, so anyone with an internet connection, not only end-users, could access Fasten’s internal data, driver records, customer records and similar confidential data. Researchers assessed that the exposed data included customer data of nearly 1 million users of the Fasten mobile app, thousands of driver profiles, the unique 15-digit IMEI codes of mobiles where the app is installed, email IDs, picture links, phone numbers, names and the last 4 digits of customers’ debit/credit cards. The data also included taxi routes, driver notes and location coordinates, drivers’ car registration information, license plate details and links to pictures of the vehicles.

Researchers noted that soon after they notified Fasten about the database, the company quickly secured the data and removed the database from public access. Gizmodo, meanwhile, revealed that out of a sample of five thousand rides, nearly 6% were directly linked to the Austin Convention Center’s GPS coordinates, and that the entire database, if analyzed, may contain data on over 16,000 SXSW-related rides. Fasten was the official service at this year’s South By Southwest festival, held in Austin, since Uber and Lyft were officially banned in Austin at the time.


Fasten’s Corporate Communications head Jennifer Borgan stated that this database was created on 11th October and that it didn’t contain sensitive customer and driver data. Borgan further explained that the database was open for 48 hours before its deletion. The company has vowed to take necessary steps for updating its security protocols to ensure that such incidents never occur.

“We have already taken steps to update our security protocols to ensure this does not happen again. In this instance, old production data was uploaded to the test cluster by mistake. Going forward, these processes will be managed only by security engineers with specific expertise in this area,” stated Borgan.

Fasten claims that although the data was exposed for 48 hours, there is no evidence that anyone accessed it. Kromtech’s chief communications officer Bob Diachenko states that the database exposed about a year’s worth of data related to customer pick-up and drop-off points. He further stated that such massive data exposure could prove devastating for the company and its users, because cybercriminals may use it to monitor the everyday activities of individuals and spy on them.

Diachenko therefore believes that this breach must be taken as a warning and “wake up call” by the ride-hailing industry, since these companies operate successfully thanks to the data they receive from customers. If users feel that their shared information might get exposed, they will avoid using these services.
