Last week SnappCar was interviewed by a journalist from RTL News pointed to unsecured access to data on the platform, via a so-called 'API'. SnappCar subsequently responded.
Response SnappCar via their website:
Through this access it was possible for third parties with the correct technical knowledge to look up address details and license plates of car rental companies without being logged in with a SnappCar account. This information is normally only available between the tenant and the landlord when they have an accepted booking together.
As a sharing platform, we are aware of the importance of trust in our platform and the privacy of our users. We are sorry that we have not been able to ensure this privacy to the high standard that our users expect from us.
Immediately after we were informed of this access, we solved the problem, so that the address details are no longer public. According to our internal procedures, we are checking all our systems and affected users have been informed. No other problems have been found so far in these controls. There will also be reported to the Dutch Data Protection Authority as soon as possible.
There is currently no indication that address data or license plates have actually been obtained by third parties. In addition, no other type of data (such as passwords, e-mail addresses or financial data) has ever been made public. Tenant data has also never been publicly accessible.
We would like to emphasize that the risk of a serious breach of privacy, such as identity fraud, is very small. In particular because no other data has been public and that only people with specific technical knowledge, after a number of actions, could access the address data and license plates. Nevertheless, we regret the fact that this data was publicly available and we are pleased that we were able to restrict access immediately.
Snappcar was founded in 2012 and is active in the Netherlands, Germany, Sweden and Denmark. The Netherlands is by far the largest market for the company.