DriveHER ride-sharing app for women, which pairs female drivers with female passengers in order to ensure the security of women, has suspended its operations in Toronto after finding out that its user data, including names, home addresses and drivers’ licences, was vulnerable to a breach, The Star is reporting.
The women’s exclusive ride sharing service, founded by Aisha Addo, made its debut in Toronto last month and has seen over 1,000 app downloads since then. However, the app has been found to have left women who signed up for it vulnerable to having personal information exposed.
Earlier this week, DriveHer announced on its social media pages that it was undergoing a maintenance check, and had suspended its services indefinitely. Addo then informed its users of “a data security incident” via an email.
“The data accessed may have included personal information such as name, gender, telephone number, profile image,” she wrote. “DriveHer values your privacy and deeply regrets that this incident occurred.”
Darryl Burke, an IT consultant from Newmarket, found the vulnerabilities in the software and informed DriveHer in a 12-page report reviewed by the Star.
“Your current mobile applications and server implementation has serious flaws,” he wrote in the report. He explained that data provided by users was not encrypted when it entered DriveHer’s server, and that “insecure use” of their storage drive exposed content including driver validation documents.
After reviewing multiple images that revealed the personal information of drivers, The Star found that credit card information was not compromised, although limited information from payments company Stripe may have been accessible.
