#Fail: DriveHer App Exposed Personal Info

In Toronto there’s a brand new ride-sharing app called DriveHer that launched a month ago and offers women drivers to provide rides for women. That’s laudable. But there’s a problem. The app that drives this service exposed personal info, according to The Toronto Star:

The Star learned earlier this week that DriveHer’s software left women who signed up for it vulnerable to having personal information exposed like their names, home addresses, drivers’ licences and insurance slips.

On Wednesday, DriveHer posted on its social media pages that it was undergoing a “maintenance check,” and had suspended its services indefinitely. Its website has a message that said the company is “fixing things up.”

That’s a #fail. In this day and age of epic pwnage, you need to make sure that the security of customer data is on point prior to launching. Otherwise you get someone telling you that your security sucks. As was the case here:

Darryl Burke, an IT consultant from Newmarket, found the vulnerabilities in the software and informed DriveHer in a 12-page report reviewed by the Star.

“Your current mobile applications and server implementation has serious flaws,” he wrote in the report.

He explained that data provided by users was not encrypted when it entered DriveHer’s server, and that “insecure use” of their storage drive exposed content including driver validation documents.

When someone else tells you that you’ve got serious security problems, you’ve really dropped the ball, as you should be on top of that stuff.

Clearly, in the rush to get this new ride-sharing app on the street, this company didn’t do its due diligence. I predict that they’ll get this fixed and be relaunching this service shortly. However, the fact that their security was this bad, and that info likely leaked, is something that they will not recover from. Not to mention that the bad press will likely consign DriveHer to the dustbin of history, which is where companies that don’t take the security of customer information seriously belong.
