Contact Contact Us

Ride-hailing Company Exposes Drivers' Details

A ride-hailing company in Iran called Tap30 exposed the personal information of some 300,000 drivers when its Mongo database was inadvertently exposed on the Internet. The unsecured database contained at least 6.7 million invoices, which included drivers' details such as name, identification number and phone number. The exposed personally identifiable information (PII) can be downloaded and monetised in underground markets, which may expose victims to targeted attacks or online frauds. Threat actors may also install malware or ransomware in the unsecured database to extract value from the victim organisation by disrupting its operation.

[1] Insecure Ride App Database Leaks Data of 300K Iranian Drivers

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883