NewsBytes
    OYO caught leaking personal customer data, phone numbers

    Written by Shubham Sharma
    October 02, 2019 | 11:22 am 3 min read

    India's popular hotel and homestay chain OYO is facing flak for leaving the personal data of its customers exposed. The service, which is owned by 25-year-old Ritesh Agarwal, was caught exposing confidential information, including the phone numbers of customers as well as their booking details, at a partner hotel. However, it says that the issue has now been resolved. Here's more on the matter.

    Security flaw leaked customer data, says cyber expert

    During a recent OYO stay, cybersecurity expert Jay Sharma spotted an issue with the Wi-Fi login system of his hotel. He noted that the vulnerability could be exploited with a brute force attack to extract data ranging from customer Booking IDs and phone numbers to the date and location of booking. "All the historical data dating back to few months was accessible," he claimed.

    What was the issue that exposed this data?

    In the hotel, Sharma found that OYO's Wi-Fi login required customers to enter their Booking ID, number. On digging into it, he discovered that "the http & ssh ports were open with no rate limit for the IP which was hosting this. Captcha was a 5 digit number generated by math.random()." This allowed him "to brute force the login credentials while executing the captcha".
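
The two weaknesses Sharma describes, no rate limit and a challenge drawn from `Math.random()`, have standard server-side fixes. The sketch below is an added example, not OYO's code or anything from the original report: `LoginGuard`, `lookup`, the 5-failures-per-15-minutes policy and the choice of booking ID plus phone number as the credentials are all assumptions made for illustration.

```javascript
// Added example: throttled portal login with a CSPRNG-backed, single-use challenge.
const crypto = require('node:crypto');

const MAX_FAILURES = 5;            // assumed policy: failures allowed per window
const WINDOW_MS = 15 * 60 * 1000;  // assumed policy: 15-minute sliding window

// Compare fixed-length digests so timing does not reveal how much of a guess matched.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

class LoginGuard {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.failures = new Map();    // throttle key -> timestamps of recent failures
    this.challenges = new Map();  // challenge id -> expected answer
  }
  // Challenge comes from the OS CSPRNG and is stored server-side only.
  issueChallenge() {
    const id = crypto.randomUUID();
    const answer = crypto.randomBytes(6).toString('hex');
    this.challenges.set(id, answer);
    return { id, answer };  // a real portal renders `answer` as an image
  }
  recentFailures(key) {
    const cutoff = this.now() - WINDOW_MS;
    const kept = (this.failures.get(key) || []).filter((t) => t > cutoff);
    this.failures.set(key, kept);
    return kept.length;
  }
  // Returns 'ok', 'denied' or 'locked'. Failures count against the client IP
  // and against the booking ID, so spreading guesses over either does not help.
  attempt({ ip, bookingId, phone, challengeId, challengeAnswer }, lookup) {
    const keys = [`ip:${ip}`, `id:${bookingId}`];
    if (keys.some((k) => this.recentFailures(k) >= MAX_FAILURES)) return 'locked';
    const expected = this.challenges.get(challengeId);
    this.challenges.delete(challengeId);  // single use, pass or fail
    const captchaOk = expected !== undefined && safeEqual(expected, challengeAnswer);
    const record = lookup(bookingId);     // hypothetical booking store accessor
    const credsOk = record !== undefined && safeEqual(record.phone, phone);
    if (captchaOk && credsOk) return 'ok';
    for (const k of keys) this.failures.get(k).push(this.now());
    return 'denied';
  }
}
```

A lockout keyed only on IP would still let many addresses share the guessing against one booking ID, which is why both keys are tracked.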

    Here's what he said about danger from the vulnerability

    "The booking IDs and phone numbers related to these IDs with timestamps were stored naked and all of it could be downloaded," Sharma said, adding that "you could compute on the data to extract OYO couples living in a room, phone numbers, social information etc."

    OYO fixed the issue after Sharma's report

    When Sharma reported the issue to OYO, the company issued a fix for the vulnerability and paid him a reward of Rs. 25,000. A spokesperson told ET that the flaw was restricted to a single property and was fixed immediately after disclosure. "Any vulnerability, no matter how limited-time or small is taken very seriously and looked into," the representative added.

    Statement from OYO on their security practices

    "We employ and invest heavily in the best in industry cybersecurity mechanisms including in-house security operation centers, internal and external vulnerability scans and network penetration tests, training developers on secure development practices amongst others," the OYO spokesperson further added.

    Many details still remain unclear, company facing flak

    Even though the issue has been fixed, many details remain unclear, including how many customers' information was leaked and whether anyone else (before Sharma) had access to this data. Notably, the vulnerability, which put the location and other details of guests at risk, has already triggered a wave of criticism against the company, which has been touting itself as a 'couple-friendly' place to stay.
