A major Indian ride-hailing platform was exposing sensitive user data thanks to a bug in one of its APIs.
The flaw in Rapido's systems was discovered by security researcher Renganathan P, who claimed it stemmed from a website form designed to collect feedback from auto-rickshaw users and drivers. An auto-rickshaw is a three-wheeled vehicle, popular across India and many Asian countries.
Users that provided the feedback have had their sensitive information exposed to the public, including full names, email addresses, and phone numbers.
Rapido exposure
The database has been seen by TechCrunch, which confirmed its authenticity. The data was supposed to be shared only with a third-party service used by Rapido, but the publication says the database contains more than 1,800 feedback responses, with a “large number” of driver phone numbers and a “lesser number” of email addresses.
“This could have led to a big scam involving scammers or hackers, who may have ended up calling drivers and performing a large-scale social engineering attack, or simply these phone numbers and other data could have been exposed on the dark web if reached in the wrong hands,” Renganathan P said.
The publication subsequently reached out to Rapido, who locked down the database and prevented more unauthorized access. We don’t know if any malicious actors found this database in the past, or if the data was abused in the wild. Phone numbers and email addresses are vital in running phishing and identity theft scams.
“As a standard operating procedure, we are in the process of soliciting valuable feedback from our stakeholder community on our services. While this is being managed by external parties, we have come to understand that the survey links have reached some unintended users from the public,” Rapido CEO Aravind Sanka said in a statement.
Sanka added that the collected phone numbers and email addresses were “non-personal in nature.”
Those of you with a Samsung Galaxy phone and a love of streaming entertainment are getting two free treats from Samsung just ahead of the holidays: an exclusive clip from Squid Game season 2 on Netflix, and three free months of Peacock Premium.
As per Samsung's announcement (via Android Police), you need to head over to the Galaxy Store to claim these benefits. As long as you download Netflix and Peacock from there, and are in the US, the perks should show up.
First up there's a clip from Squid Game season 2 inside the Netflix app, which Samsung says hasn't been made public before. The hit show is returning on December 26, so it's a way of whetting the appetite before the next batch of episodes drop.
Samsung also points out that the Squid Game: Unleashed game is now available from Netflix as well – though this isn't a Samsung Galaxy or US exclusive. If you want to take on players from around the world in Squid Game, head to the download page.
Get Peacock Premium
The second bonus for Samsung Galaxy owners, via the Galaxy Store, is three free months of Peacock Premium – enough to get you through the holidays and beyond. This is an offer for first-time subscribers who haven't signed up before.
Peacock Premium would usually set you back $7.99 a month, so you can save yourself close to $24 with this Samsung deal. It's the cheapest Peacock plan, so there are also ads included, and you don't get the offline download support.
The Peacock streaming service gives you access to shows such as Parks and Recreation, Saturday Night Live, The Office, 30 Rock, Poker Face, Yellowstone, and The Day of the Jackal (a show we're particularly impressed by at TechRadar).
You have until June 4, 2025 to claim the deal, so there's no need to rush. Samsung has also announced that Spotify is now available on the Galaxy Store too, so you've got another reason to visit it instead of the Google Play Store.
Numerous leaked images have already shown off what the Samsung Galaxy S25 Ultra might look like, but today we’ve seen perhaps the most credible yet, as it comes from a major case maker.
Leaker @Jukanlosreve has shared an image of a Spigen case for the Samsung Galaxy S25 Ultra, and with Spigen being a major brand, it’s likely that Samsung would have shared design details with the company so it can prepare cases ahead of the phone’s launch.
The design in question matches what we’ve seen before; there's a quad-lens camera laid out the same way as the Samsung Galaxy S24 Ultra’s, and slightly curvier corners than on the current model. So, there’s not really anything new here, especially as we can only see the shape of the back of the phone, but this is yet more evidence that the leaks we’ve seen previously are correct.
Of course, while Spigen is a major brand, it’s possible that this image has been faked, but it looks genuine, and @Jukanlosreve has a good track record for leaks, so it’s unlikely they’d share this if they didn’t think it was the real deal.
More RAM than ever
In other Samsung Galaxy S25 news, leaker @yabhishekhd (via Android Police) has claimed that the Samsung Galaxy S25 and Samsung Galaxy S25 Plus will ship with 12GB of RAM, even in their base versions. This means that unlike in the S24 series – where the standard Samsung Galaxy S24 had 8GB of RAM – there won’t be any 8GB models in the Samsung Galaxy S25 line.
This isn’t a new claim, as another source had also previously said that 12GB would be the starting RAM amount for the Galaxy S25 line, but hearing this from multiple sources suggests it’s likely accurate.
We’ll probably find out for sure how much RAM these phones have on January 22, as based on numerous leaks that’s likely the Samsung Galaxy S25 release date.
The past few weeks have shown us how digital landscapes shape our social, political, and economic lives. Misinformation and disinformation have been used to stir up and generate a real-world response.
As a result of the digital world's impact, the rise of hacktivism has become an influential force in advocating for change and drawing attention to perceived injustices. Hacktivism, the use of hacking to promote political ends, often presents itself as a modern form of civil disobedience, challenging power structures and exposing wrongdoing.
Examples of hacktivism can be seen throughout the world, including Belarusian cyber groups attempting to slow Russian troops in opposition to the ongoing war against Ukraine, as well as during the Arab Spring, when cyber groups granted citizens access to information.
However, despite its appeal and occasional successes, hacktivism cannot serve as a replacement for due process in a democratic society. Due process, with its foundations in legal standards and fair procedures, ensures that justice is administered impartially and equitably.
Legal and ethical boundaries
Although their aims can be well-intentioned, hacktivists often skirt around or outright break laws designed to protect privacy, property, and security. These illegal activities often involve methods such as unauthorized access to systems and data breaches, which violate laws and ethical standards.
Due process, on the other hand, abides by legal frameworks that ensure actions are lawful and rights are protected. When hacktivists bypass legal procedures, they undermine the rule of law, which is fundamental to democratic governance.
The actions of hacktivists can be ethically ambiguous. While some may see themselves as digital Robin Hoods, their methods can cause significant harm. For instance, the exposure of personal data during a hack can lead to identity theft, financial loss, and severe privacy violations for innocent individuals. These actions raise critical ethical questions about the means used to achieve perceived noble ends. By circumventing legal channels, hacktivists deny individuals the protections afforded by the law, such as the presumption of innocence and the right to a fair trial.
While most people will not lose sleep over this in instances of hacktivism targeted against Russia’s invasion of Ukraine, the law remains in place to protect everyone; failing to adhere to it sets a dangerous precedent which may not be wielded with such noble intentions in the future.
Accountability and transparency
Due process ensures accountability and transparency through a transparent legal process where actions and decisions are subject to scrutiny and oversight. Judges, lawyers and law enforcement officials are held to consistent standards and their actions are under constant review. Hacktivism lacks these processes, often operating in secrecy and without accountability, leading to questions about their motives as well as the accuracy and truth behind the information they are releasing.
Potential for unintended consequences
Hacktivist attacks, however well-intentioned, are often indiscriminate and can result in collateral damage such as disruption of services, harm to innocent parties, and escalation of conflicts. A hack intended to expose corporate malpractice might also compromise the personal data of employees and customers, leading to widespread harm.
The acts of hacktivists can also result in severe responses from governments and corporations who look to increase security following a cyberattack. Stricter regulations and cybersecurity measures can potentially reduce freedoms in the digital space.
Additionally, hacktivist actions can undermine legitimate efforts to address grievances through lawful means. When hacktivists release information obtained illegally, it can taint public perception and compromise investigations that rely on legally obtained evidence. This can impede the work of journalists, watchdog groups, and legal advocates who strive to expose wrongdoing through legitimate channels.
Due process aims to minimize such risks by providing a controlled environment for resolving disputes and addressing wrongdoings. This point emphasizes the potential hazards of hacktivism, contrasting it with the structured and balanced approach of due process designed to protect societal interests and prevent harm.
Looking forward
While hacktivism can shine a light on pressing issues and serve as a catalyst for change, it cannot replace due process in a democratic society. The legal and ethical boundaries that define due process ensure that justice is delivered fairly, protecting the rights of individuals while maintaining social order. Accountability and transparency are fundamental to the integrity of legal proceedings, providing a system of checks and balances that is absent in hacktivist operations.
Furthermore, the potential for unintended consequences highlights the risks associated with bypassing established legal channels. For a society committed to justice and the rule of law, due process remains indispensable, providing a structured and equitable framework for addressing grievances and resolving conflicts. Hacktivism, while impactful, lacks the legitimacy, accountability, and comprehensive justice that due process provides, underscoring the importance of adhering to legal principles in the pursuit of social change.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
The hype around AI-powered hardware at the beginning of the year has mostly faded as customers seemed reluctant to pay for the Humane AI Pin, Plaud.AI NotePin, or Rabbit R1, regardless of their many AI abilities. A new device called Pocket is approaching the market from a different angle, though, with a compact design and a far lower price point.
Created by Open Vision Engineering, Pocket promises to record, transcribe, and organize conversations as an affordable companion for professionals or those who want to document their day. The $79 (about £79) device can be ordered now, with shipments expected in early 2025, and it links with a companion app for Android and iOS.
The device itself can magnetically attach to the back of smartphones and is activated with a button to capture both live conversations and phone calls and encrypt the recordings. Once recorded, Pocket transcribes the conversations and distinguishes between multiple speakers in the document.
The AI also analyzes the interactions with its Conversation Map feature. This tool breaks down the flow of discussion, helping you see how ideas developed, who contributed, and where the conversation went off on that inevitable tangent. Pair this with the thousands of customizable templates and you have a flexible way of organizing your thoughts.
Pocket price plan
Pocket comes with 200 free minutes of recording per month and then requires users to purchase credits. Even so, it comes off as far more budget-friendly than its competitors. The Plaud NotePin, which clips to your clothes, is $169 and provides only 100 more minutes a month compared to Pocket, though there's a yearly $79 Pro Plan with 1,200 minutes per month and other features.
Then there’s the Rabbit R1, whose bright orange box comes at $199 and is also designed for web searches and app controls. Last, the $699 Humane AI Pin comes with voice commands and projects information onto your hand. These devices all bring different flavors of AI assistance and a lot of extra power, but that may not be what people want from AI hardware.
Pocket keeps things simple by comparison. Instead of trying to be a wearable wonder or a flashy lifestyle gadget, Pocket focuses purely on recording, transcribing, and organizing conversations. Whether this simplicity will help Pocket carve out a niche or get lost in the shuffle remains to be seen, but for those who just need a no-fuss way to keep track of conversations, Pocket might be the perfect fit.