What is the official website of DiDi ?

The official website of DiDi is http://www.didiglobal.com.

What is DiDi's cybersecurity risk score?

DiDi has an AI-generated cybersecurity risk score of 755 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has DiDi experienced?

According to Rankiteo, DiDi currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has DiDi been affected by any supply chain cyber incidents ?

According to Rankiteo, DiDi has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does DiDi have SOC 2 Type 1 certification ?

According to Rankiteo, DiDi is not certified under SOC 2 Type 1.

Does DiDi have SOC 2 Type 2 certification ?

According to Rankiteo, DiDi does not hold a SOC 2 Type 2 certification.

Does DiDi comply with GDPR ?

According to Rankiteo, DiDi is not listed as GDPR compliant.

Does DiDi have PCI DSS certification ?

According to Rankiteo, DiDi does not currently maintain PCI DSS compliance.

Does DiDi comply with HIPAA ?

According to Rankiteo, DiDi is not compliant with HIPAA regulations.

Does DiDi have ISO 27001 certification ?

According to Rankiteo,DiDi is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does DiDi operate in ?

DiDi operates primarily in the Software Development industry.

How many employees does DiDi have ?

DiDi employs approximately 30,646 people worldwide.

Does DiDi own any subsidiaries ?

DiDi presently has no subsidiaries across any sectors.

How many LinkedIn followers does DiDi have ?

DiDi's official LinkedIn profile has approximately 329,212 followers.

What is the NAICS classification code for DiDi ?

DiDi is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does DiDi have a Crunchbase profile ?

No, DiDi does not have a profile on Crunchbase.

Does DiDi have a LinkedIn profile ?

Yes, DiDi maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/didiglobal.

How many cybersecurity incidents has DiDi experienced ?

As of June 16, 2026, Rankiteo reports that DiDi has experienced 1 cybersecurity incidents.

How many peer or competitor companies does DiDi have ?

DiDi has an estimated 30,088 peer or competitor companies worldwide.

What types of cybersecurity incidents has DiDi faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

DiDi

Boost Score +25 with badge (5 left)

755

/1000

Fair

780

/1000

Fair

DiDi Vendor Cyber Rating & Cyber Score

didiglobal.com

Add Your Compliance Badge

DiDi Global Inc. is a leading mobility technology platform. It offers a wide range of app-based services across Asia Pacific, Latin America, and other global markets, including ride hailing, taxi hailing, designated driving, hitch and other forms of shared mobility as well as certain energy and vehicle services, food delivery, and intra-city freight services. DiDi provides car owners, drivers, and delivery partners with flexible work and income opportunities. It is committed to collaborating with policymakers, the taxi industry, the automobile industry, and the communities to solve the world’s transportation, environmental, and employment challenges through the use of AI technology and localized smart transportation innovations. DiDi

DiDi A.I CyberSecurity Scoring

Scoring History

DiDi

DiDi CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

DiDi

Breach

6/2021

DID329223209112...

Loading…

A.I.

DiDi Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for DiDi

Incidents vs Software Development Industry Avg (This Year)

No incidents recorded for DiDi in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for DiDi in 2026.

Incident Types DiDi vs Software Development Industry Avg (This Year)

No incidents recorded for DiDi in 2026.

Incident History - DiDi (X = Date, Y = Severity)

Loading…

SUBSIDIARY

DiDi Subsidiaries

Parent Company

DiDi

Software Development

Website: http://www.didiglobal.com

Company Size: 10,000+ employees

No subsidiary data available for this company.

Loading…

DiDi Similar Companies

NetSuite

netsuite.com

Founded in 1998, Oracle NetSuite is the world’s first cloud company. For more than 25 years, NetSuite has helped businesses gain the insight, control, and agility to build and grow a successful business. First focused on financials and ERP, we now provide an AI-powered unified business system that includes inventory management, HR, professional services automation, and omnichannel commerce, used by more than 43,000 customers in 219 countries and dependent territories.

Workday

workday.com

Workday is a leading provider of enterprise cloud applications for finance and human resources, helping customers adapt and thrive in a changing world. Workday applications for financial management, human resources, planning, spend management, and analytics are built with artificial intelligence and machine learning at the core to help organizations around the world embrace the future of work. Workday is used by more than 10,000 organizations around the world and across industries – from medium-sized businesses to more than 50% of the Fortune 500.

Cisco

cisco.com

Cisco is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities to unlock innovation, enhance productivity and strengthen digital resilience. With purpose at its core, Cisco remains committed to creating a more connected and inclusive future for all.

bigbasket

cb bigbasket.com

Starting our journey in 2011, today, bigbasket - a Tata Enterprise is India’s largest online supermarket with over 13 million customers and a presence in 60+ cities & towns. With our presence spanning the entire spectrum of consumer needs, we operate through a range of business lines - bigbasket, bbnow, bbinstant, bbdaily, fresho, bbmandi, and bbsaathi. We offer convenience by making grocery shopping easy for customers while enhancing their experience. With more than 47,000 employees, we are a proud & growing bigbasket family. With our businesses scaling, we are keen on working with the best talent in the industry. Every bigbasketeer embodies the ‘Spirit of bb’ that defines our work ethos. We believe in nurturing a people-first environment where the health and well-being of our employees are always prioritised. Fostering bigbasket’s value system, we encourage humility, transparency, integrity, and respect amongst each other to create an elevated work culture. At bigbasket, we empower every bigbasketeer with responsibility and ownership in everything they do. Being a customer-centric organisation, we operate with a maniacal focus on customers ensuring we always deliver our best. bigbasket has been proudly certified as a Great Place to Work, and Great Place to Work for Women. Our business model is designed to create opportunities for our country’s gig economy. We have achieved the highest ranking in the Fairwork India Ratings for Gig Workers. Through our DEI initiative – Aarambh, we foster Diversity, Equity, & Inclusion driving a workplace where everybody feels welcomed. Alongside this, we take conscious and proactive measures towards curtailing our impact on the environment. Our electric vehicles delivery fleet and solar panel equipped warehouses help us minimize carbon emissions. By promoting organic farming, we encourage fresh farm produce contributing to good land and soil health. #JoinTheSquad and be a part of our growth story!

Shopee

shopee.com

Shopee is the leading e-commerce platform in Southeast Asia and Taiwan. It is a platform tailored for the region, providing customers with an easy, secure and fast online shopping experience through strong payment and logistical support. Shopee aims to continually enhance its platform and become the region’s e-commerce destination of choice via ongoing product optimisation and localised user-centered strategies. Shopee, a Sea company, was first launched in Singapore in 2015, and has since expanded its reach to Malaysia, Thailand, Taiwan, Indonesia, Vietnam and the Philippines. Sea is a leader in digital entertainment, e-commerce and digital financial services across Greater Southeast Asia. Sea's mission is to better the lives of consumers and small businesses with technology, and is listed on the NYSE under the symbol SE. The Shopee team is rapidly expanding across the region and we are constantly on the lookout for talents who have the passion and drive to become part of a fast-moving and dynamic team. Do check out our career website http://careers.shopee.com for our available positions!

PedidosYa

pedidosya.com

We’re the delivery market leader in Latin America. Our platform connects over 77.000 restaurants, supermarkets, pharmacies and stores with millions of users. Nowadays we operate in more than 500 cities in Latinamerica. And we are now over 3.400 employees. PedidosYa is available for iOS, Android and Windows Phone operating systems and downloads are now over 20 million.

HubSpot

hubspot.com

HubSpot is a leading CRM platform that provides software and support to help businesses grow better. Our platform includes marketing, sales, service, and website management products that start free and scale to meet our customers’ needs at any stage of growth. Today, thousands of customers around the world use our powerful and easy-to-use tools and integrations to attract, engage, and delight customers. HubSpot's award-winning culture has been recognized by Glassdoor, Great Place to Work, Comparably, Fortune, Entrepreneur, Inc., and more. We build connections, careers, and employee growth by creating a workplace that values flexibility, autonomy, and transparency. You can learn more about our commitment to creating an inclusive and diverse workplace in the HubSpot Culture Code. HubSpot is a hybrid company with employees working fully remotely, from an office, or a mix of the two. We are headquartered in Cambridge, MA with offices in Amsterdam, Berlin, Bogota, Dublin, Ghent, London, Madrid, Paris, San Francisco, Singapore, Sydney, Tokyo and Toronto. To learn more about HubSpot, visit www.hubspot.com and to join our team, visit www.hubspot.com/careers

SAP

cb sap.com

SAP is the leading enterprise application and business AI company. We stand at the intersection of business and technology, where our innovations are designed to directly address real business challenges and produce real-world impacts. Our solutions are the backbone for the world’s most complex and demanding processes. SAP’s integrated portfolio unites the elements of modern organizations — from workforce and financials to customers and supply chains — into a unified ecosystem that drives progress. SAP privacy statement for followers: www.sap.com/sps Our Community Guidelines At SAP, we're committed to fostering meaningful conversations that respect everyone in our community. To maintain a positive environment, we moderate comments that: • Target individuals personally, including our employees, customers, or partners • Contain discriminatory, harassing, or threatening language/content • Share personal information without consent • Promote misinformation or spam or 3rd-party links We believe in open dialogue and constructive feedback, but we will remove content that violates these guidelines without notice. We appreciate your understanding and contribution to a respectful community. For questions about our moderation practices, please DM or contact us at [email protected].

Juniper Networks

juniper.net

Juniper Networks is leading the revolution in networking, making it one of the most exciting technology companies in Silicon Valley today. Since being founded by Pradeep Sindhu, Dennis Ferguson, and Bjorn Liencres nearly 20 years ago, Juniper’s sole mission has been to create innovative products and solutions that meet the growing demands of the connected world. Juniper Networks is headquartered in Sunnyvale, California, with over 9,000 employees in 50 countries and nearly $5 billion in revenue. Our customers include the top 100 global service providers and 30,000 enterprises, including the Global Fortune 100 as well as hundreds of federal, state and local government agencies and higher educational organizations. At Juniper Networks, we believe the network is the single greatest vehicle for knowledge, understanding, and human advancement that the world has ever known. Now more than ever, the world needs network innovation to connect ideas and unleash our full potential. Juniper is taking a new approach to the network — one that is intelligent, agile, secure and open to any vendor and any network environment. To learn more about Juniper, our products, and our vision for the decade ahead, visit our site at https://www.juniper.net. Acquired by Hewlett Packard Enterprise in 2025.

Loading…

NEWS

DiDi CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 10, 2026 08:00 AM

What Minimum Viable Cybersecurity Really Looks Like for K–12 Districts

As ransomware and phishing attacks grow more sophisticated, districts can't rely on perimeter defenses alone. Here's what experts say the...

Read Article

September 10, 2025 07:00 AM

DiDi Global's $740 Million IPO Settlement Likely Ready Next Month, Plaintiffs' Lawyer Says

NEW YORK (Reuters) - DiDi Global's $740 million settlement of a lawsuit claiming it defrauded investors in connection with its initial...

Read Article

January 17, 2023 08:00 AM

Regulators’ Trust Refueled, Gets DiDi (DIDIY) on the Road Once Again

Ride-hailing company DiDi Global (DIDIY) has received approval from China's cybersecurity regulator to resume new user registrations following a ban that...

Read Article

January 16, 2023 08:00 AM

Didi Wins Approval to Restart New User Registration for Ride-Hailing Service

Move comes a year and a half after ride-hailing giant was targeted in a cybersecurity probe by Chinese authorities.

Read Article

August 05, 2022 07:00 AM

The CAC is Coming: Didi Chuxing Fined a Record-breaking USD 1.2 Billion for Breach of Data Protection Regulations

Didi Chuxing (Didi) was fined RMB 8.026 billion (approx. USD 1.2 billion) on 21 July 2022, more than a year after the Cyberspace Administration of China (CAC)...

Read Article

August 02, 2022 07:00 AM

Didi Cybersecurity Review - Which Laws did Didi Break?

Which regulations did Didi break? According to the CAC's announcement released on July 21, 2022 the investigation found that Didi had violated...

Read Article

July 28, 2022 07:00 AM

Cyberspace Administration of China Issues Statement on Didi’s $1.2B Fines for Cybersecurity Law Violations

The statement revealed more details regarding CAC's basis for its penalty decision. It stated that Didi committed 16 offenses, which appeared to...

Read Article

July 25, 2022 07:00 AM

China imposes $1.7bn fine on DiDi app for data breach incidents

Chinese ride-hailing firm Didi Global has been fined 8 billion yuan (AU$1.7 billion) by the Cyberspace Administration of China (CAC).

Read Article

July 22, 2022 07:00 AM

A timeline of Didi and its year-long cybersecurity investigation

Share this: ... China's year-long, once seemingly never-ending investigation into Didi finally reached a conclusion on Thursday, with authorities...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…