After Ola, FoodPanda is the Target of a New Hack to Get Free Food

Like it or not, we have been hearing and reading about a lot of bugs in Indian tech startups recently. First it was the Ola hack, which allowed people to recharge Ola wallets without actually paying. Just as this news went viral, Shivani Maheshwari wrote a post on Medium showing how she could trick the ZopNow payment gateway into letting her order things without paying for them!

Of course, ZopNow handled this much better than the folks at Ola!

After all this, it is now FoodPanda that faces a similar exploit. A group of students from IIIT Hyderabad found a bug that allows users to get orders delivered without making the payment. Here's how it works:

  • Build your order as you’d usually do, use the coupon code ‘welcome’, which is only applicable for new users, and check out.
  • Fill out the details and click on the payment options. PayUMoney is the preferred option for this as it offers an additional discount.
  • When you are at the final payment page, hold on for a while without closing the tab or making the payment.
  • Within seconds you’ll receive a message from FoodPanda stating your order has been placed.
  • Click on the “back to foodpanda.in” button.
  • Voila! Your food shall be delivered.
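
A server-side reconciliation check for the failure these steps describe, where an order is marked as placed while the payment is still pending. This is an added example, not code from FoodPanda or PayUMoney; the record fields, the HMAC-signed callback format and the secret are assumptions, and the sample data is constructed.

```python
import hashlib
import hmac

# Constructed secret shared with a hypothetical payment gateway (assumption).
GATEWAY_SECRET = b"constructed-demo-secret"


def sign(txn_id: str, order_id: str, amount: str, status: str) -> str:
    """HMAC a gateway would attach to its server-to-server callback."""
    msg = "|".join((txn_id, order_id, amount, status)).encode()
    return hmac.new(GATEWAY_SECRET, msg, hashlib.sha256).hexdigest()


def verified_payment(cb: dict) -> bool:
    """True only for a callback with a valid signature and status 'success'."""
    expected = sign(cb["txn_id"], cb["order_id"], cb["amount"], cb["status"])
    return hmac.compare_digest(expected, cb.get("sig", "")) and cb["status"] == "success"


def unpaid_confirmed_orders(orders: list, callbacks: list) -> list:
    """Ids of prepaid orders marked 'placed' that have no verified payment
    for the full order amount."""
    paid = {(cb["order_id"], cb["amount"]) for cb in callbacks if verified_payment(cb)}
    return [o["id"] for o in orders
            if o["method"] == "online" and o["state"] == "placed"
            and (o["id"], o["amount"]) not in paid]


# Constructed sample data: order records and gateway callbacks.
ORDERS = [
    {"id": "A1", "method": "online", "amount": "250.00", "state": "placed"},
    {"id": "A2", "method": "online", "amount": "410.00", "state": "placed"},
    {"id": "A3", "method": "online", "amount": "120.00", "state": "pending"},
    {"id": "A4", "method": "cod", "amount": "300.00", "state": "placed"},
    {"id": "A5", "method": "online", "amount": "500.00", "state": "placed"},
]
CALLBACKS = [
    {"txn_id": "T1", "order_id": "A1", "amount": "250.00", "status": "success",
     "sig": sign("T1", "A1", "250.00", "success")},
    # Callback whose signature does not verify: must not count as payment.
    {"txn_id": "T9", "order_id": "A5", "amount": "500.00", "status": "success",
     "sig": "00"},
]

if __name__ == "__main__":
    print(unpaid_confirmed_orders(ORDERS, CALLBACKS))
```

Run periodically against the order store, a non-empty result means an order reached the kitchen without the gateway ever confirming payment.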

The bug has been reported to FoodPanda by a startup called Brthe.

Sadly, FoodPanda also reacted pretty badly to this report. They first shut down services in Hyderabad, and finally restricted the shutdown to the Gachibowli area, where IIIT Hyderabad is located.

We know that no one is perfect, but how you handle such situations really makes a difference. We love the way ZopNow handled the situation, and we hope many other startups and companies can learn from them too.

Published on Apr 10, 2015
Written by Subho Halder
Subho Halder is the CISO and Co-Founder of Appknox. He started his career researching Mobile Security. Currently, he helps businesses to detect and fix security vulnerabilities. He has also detected critical loopholes in companies like Google, Facebook, Apple, and others.