Newsbytes

    OYO caught leaking personal customer data, phone numbers

    Written by Shubham Sharma
    Last updated on Oct 02, 2019, 11:22 am
  • India's popular hotel and homestay chain OYO is facing flak for leaving the personal data of its customers exposed.

    The service, which is owned by 25-year-old Ritesh Agarwal, was caught exposing confidential information, including the phone numbers of customers as well as their booking details, at a partner hotel.

    However, it says that the issue has now been resolved.

    Here's more on the matter.

  • Discovery

    Security flaw leaked customer data, says cyber expert

  • During a recent OYO stay, cybersecurity expert Jay Sharma spotted an issue with the Wi-Fi login system of his hotel.

    He noted that the vulnerability could be exploited with a brute-force attack to extract data ranging from customer Booking IDs and phone numbers to the date and location of booking.

    "All the historical data dating back to few months was accessible," he claimed.

  • Issue

    What was the issue that exposed this data?

  • In the hotel, Sharma found that OYO's Wi-Fi login required customers to enter their Booking ID and number.

    On digging into it, he discovered that "the http & ssh ports were open with no rate limit for the IP which was hosting this. Captcha was a 5 digit number generated by math.random()."

    This allowed him "to brute force the login credentials while executing the captcha".
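The two weaknesses named in the quote, no rate limit and a captcha drawn from a non-cryptographic generator, have standard counterparts on the defending side. The sketch below is an added example, not OYO's code: `LoginThrottle`, `attemptLogin`, `newChallenge` and the sample booking data are hypothetical names and values, showing failed-attempt throttling per client IP and per booking ID alongside a challenge generated from a CSPRNG.

```javascript
// Added illustration; LoginThrottle, attemptLogin and the sample data are hypothetical.
const crypto = require("crypto");

// One-time challenge drawn from the OS CSPRNG instead of Math.random().
function newChallenge() {
  return {
    id: crypto.randomBytes(16).toString("hex"),
    answer: String(crypto.randomInt(0, 1000000)).padStart(6, "0"),
  };
}

// Sliding-window counter of failed attempts per key (client IP, booking ID).
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000 } = {}) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.failures = new Map(); // key -> timestamps of recent failures
  }
  recent(key, now) {
    const kept = (this.failures.get(key) || []).filter((t) => now - t < this.windowMs);
    this.failures.set(key, kept);
    return kept;
  }
  isBlocked(key, now) {
    return this.recent(key, now).length >= this.maxFailures;
  }
  recordFailure(key, now) {
    this.recent(key, now).push(now);
  }
}

// Compare fixed-length digests so the check does not leak match length.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash("sha256").update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// bookings: Map of bookingId -> phone (constructed stand-in for the real store).
function attemptLogin(throttle, bookings, req, now = Date.now()) {
  const keys = [`ip:${req.ip}`, `booking:${req.bookingId}`];
  if (keys.some((k) => throttle.isBlocked(k, now))) return "blocked";
  const expected = bookings.get(req.bookingId);
  const ok = expected !== undefined && safeEqual(expected, req.phone);
  if (ok) return "ok";
  keys.forEach((k) => throttle.recordFailure(k, now));
  return "denied";
}
```

Throttling on the booking ID as well as the IP means a legitimate guest can be locked out by someone else's failed attempts, so the window and threshold need tuning; the in-memory `Map` would also need eviction or a shared store in a real deployment.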

  • Quote

    Here's what he said about danger from the vulnerability

  • "The booking IDs and phone numbers related to these IDs with timestamps were stored naked and all of it could be downloaded," Sharma said, adding that "you could compute on the data to extract OYO couples living in a room, phone numbers, social information etc."

  • Fix

    OYO fixed the issue after Sharma's report

  • When Sharma reported the issue to OYO, the company issued a fix for the vulnerability and paid him a reward of Rs. 25,000.

    A spokesperson told ET that the flaw was restricted to a single property and was fixed immediately after disclosure.

    "Any vulnerability, no matter how limited-time or small is taken very seriously and looked into," the representative added.

  • Quote

    Statement from OYO on their security practices

  • "We employ and invest heavily in the best in industry cybersecurity mechanisms including in-house security operation centers, internal and external vulnerability scans and network penetration tests, training developers on secure development practices amongst others," the OYO spokesperson further added.

  • Aftermath

    Many details still remain unclear, company facing flak

  • Even though the issue has been fixed, many details remain unclear, including how many customers' information was leaked and if anyone else (before Sharma) had access to this data.

    Notably, the vulnerability, which put the location and other details of guests at risk, has already triggered a wave of criticism against the company, which has been touting itself as a 'couple-friendly' place to stay.
