#Fail: DriveHer App Exposed Personal Info

In Toronto there’s a brand new ride-sharing app called DriveHer, launched a month ago, which offers women drivers to provide rides for women. That’s laudable. But there’s a problem. The app that drives this service exposed personal info, according to The Toronto Star:

The Star learned earlier this week that DriveHer’s software left women who signed up for it vulnerable to having personal information exposed like their names, home addresses, drivers’ licences and insurance slips.

On Wednesday, DriveHer posted on its social media pages that it was undergoing a “maintenance check,” and had suspended its services indefinitely. Its website has a message that said the company is “fixing things up.”

That’s a #fail. In this day and age of epic pwnage, you need to make sure that the security of customer data is on point prior to launching. Otherwise you get someone telling you that your security sucks. As was the case here:

Darryl Burke, an IT consultant from Newmarket, found the vulnerabilities in the software and informed DriveHer in a 12-page report reviewed by the Star.

“Your current mobile applications and server implementation has serious flaws,” he wrote in the report.

He explained that data provided by users was not encrypted when it entered DriveHer’s server, and that “insecure use” of their storage drive exposed content including driver validation documents.

When someone else tells you that you’ve got serious security problems, you’ve really dropped the ball as you should be on top of that stuff.

Clearly, in the rush to get this new ride-sharing app on the street, this company didn’t do its due diligence. I predict that they’ll get this fixed and relaunch the service shortly. However, the fact that their security was this bad, and that info likely leaked, is something that they will not recover from. Not to mention that the bad press will likely consign DriveHer to the dustbin of history, which is where companies that don’t take the security of customer information seriously belong.

