Delivery Company Leaked 400m Files

Uploaded on 2021-01-27 in NEWS-Cybersecurity News, FREE TO VIEW

An antivirus review website named Safety Detectives has claimed that the online delivery service, Bykea, operating in Pakistan has leaked more than 400 million files after facing a major data breach affecting its extensive user database. The SafetyDetectives cyber security team discovered an elastic server vulnerability during routine IP-address checks on specific ports.

Bykea is a five-year-old logistics and cash on delivery payments company operating out of Karachi, Rawalpindi and Lahore which offers transportation, logistics and cash on delivery services to millions of residents in the three cities. Tens of millions of Pakistanis rely on the company for vehicle-for-hire services and book their orders via Apple and Android apps.

The 200GB database containing 400 million records was located on a production server that stores regularly updated data including internal logs including user details. The investigating team discovered that Bykea had exposed all its production server information and allowed access to a database showing people’s full names, locations, and other personal information that could potentially be harnessed by hackers to cause financial and reputational damage. 

In September 2020, Bykea suffered a separate breach, during which unidentified hackers reportedly deleted the company’s entire customer database. At the time, Bykea said it was unaffected by the intrusion because it kept regular backups.

Bykea’s CEO Muneeb Maayr described the cyberattack as “nothing out of the ordinary” given that Bykea is a mobility-based tech firm. It remains unclear whether this latest breach is related to the hack in September.

The company is an on-demand logistics provider that has embraced mobile demand and ubiquitous internet connectivity to fuel its rapid growth in recent years. Bykea also operates as a vehicle-for-hire and parcel delivery company and maintains a software app offering users access to all its services via Google Play and App Store.

The company raised almost US$6 million from private investors in 2019 and followed up by raising a further US$11 million this year. In total, Bykea has raked in US$22 million in private equity from notable investment groups such as Prosus Ventures, Middle East Venture Partners (MEVP) and Sarmayacar since 2016.

Update: Bykea has now issued a clarification saying that the report published by the review website was a "a vulnerability identification, not a breach of stolen data for criminal purposes. The citation of 400 million files mostly comprises millions of GPS pinpoints that Bykea solicits in tracking over a two week period in 2020 and drivers can be rest assured that national ID data is encrypted now on Bykea".

Safety Detectives:       Bykea:      TEISS:     Mashable:        Defence.pk 

You Might Also Read:

Personal Data Of 115m Pakistanis For Sale:

 

« Bezos Resigns As Amazon CEO
Cybersecurity Training: Upskilling Employees Is A Must »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

Open Networking Foundation (ONF)

Open Networking Foundation (ONF)

The Open Networking Foundation (ONF) is a non-profit operator led consortium driving transformation of network infrastructure and carrier business models.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

Vicarius

Vicarius

Vicarius’ mission is to revolutionize vulnerability management from problem detection to proactive problem resolution.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Academy

Cyber Academy

Cyber Academy is one of the first institutions in the SE Europe region that provides a hands-on program in cyber security, blockchain and AI.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

RankedRight

RankedRight

RankedRight empowers security teams to take immediate action on their most critical risks.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

LeakSignal

LeakSignal

At LeakSignal, we transform the way you monitor and protect your data. We provide unparalleled visibility and control over your sensitive data flows.

Pacific Northwest National Laboratory (PNNL)

Pacific Northwest National Laboratory (PNNL)

PNNL draws on its distinguishing strengths in chemistry, Earth sciences, biology, and data science to advance scientific knowledge and address challenges in energy resiliency and national security.

e92plus

e92plus

e92plus is a leading cybersecurity VAD for UK and Ireland, going beyond traditional distribution to provide exceptional products and services that drive accelerated growth for our partners.