Well it looks that Bykea is in real trouble. The famous and prominent bike booking and delivery service company has faced massive data leakage resultant in millions of users database out in the open.
The Bykea Data Leaked
The Safety detective cybersecurity team has recently discovered the elastic server vulnerability during routine IP-address check on specific ports and found out that the Karachi-based company Bykea had exposed all its production server information and allowed access to over 200GB of data containing more than 400 million records showing people’s full names, locations and other personal information that could potentially be harnessed by hackers to cause financial and reputational damage.
The team further discovered that The Elastic instance was left publicly exposed, without any password protection or any type or any kind of encryption which means anyone in possession of that server’s IP Address could easily be accessed and that database can be removed or breached.
The Database Breach is Not A New Thing For Bykea!
Well, that’s not really new for Bykea, back in September 2020, Bykea suffered another separate breach, where unidentified hackers reportedly deleted the company’s entire customer database. The company stated that it was unaffected by the intrusion as they kept regular backups. On this account Bykea’s CEO, Muneer Maayr described the cyberattack as “nothing out of the ordinary,” considering it’s a mobility-based tech firm.
It is still unclear whether this recent cyberattack is a continuity of the last hack-attack of September.
Something About Bykea
Bykea was founded in 2016 by a Pakistani entrepreneur Muneeb Maayr. It is a transportation and logistics payment company. The company runs on a cash on delivery method and runs from Karachi. They are the first to introduce the concept of ‘Motorbike taxis’ for both transportation and deliveries. The app is downloadable through Google Play and App Store. The organization is an on-request logistics supplier that has accepted versatile interest and a universal web network to fuel its fast development in recent years. The organization raised nearly US$6 million from private financial specialists in 2019 and followed up by raising a further US$11 million this year. Altogether, Bykea has rounded up US$22 million in private value from striking speculation gatherings, for example, Prosus Ventures, Middle East Venture Partners (MEVP), and Sarmayacar since 2016.
What was Leaked?
The exposed data from the server contained API logs for both the company’s web and mobile sites. It also includes all the production server information. The almost “200GB data contained 400million records which included internal logs and user details.
Moreover, the leaked server contained PII Personally Identifiable Information for both the users and employees. The PII includes drivers and users details are follows
It was also discovered that the company server contained customers’ invoices showing full trip information (pick and drop) drivers arrivals and departures! LITERALLY EVERYTHING!
That’s not it, the company also found Bykea’s internal employee login and unencrypted password information as well. Moreover, the apps existing commercial relationship with other Pakistani companies, including K-Electric, EasyPaisa, and JazzCash. All the related information was stored on Bykea’s database and exposed during the leak!
What is the Impact of Data breaching of Tech companies and How to Prevent it?
According to our knowledge, this is one massive breach of data and exposure of a company’s full database, including each and everything. A large number of discovered records that are so vulnerable online could include heavy identity theft, fraud of different kinds, and scams. Full names and residential addresses and CNIC information could dangerously be exploited by evil identities and car registration and could potentially be used to conduct insurance fraud and other crimes with stolen identities. Also, user emails could be attacked by hackers who are in search of infusing leaked customer data into fake emails to blackmail and trigger click baits to malicious websites.
Now the main question arises, how to avoid this and stay safe? How to prevent your personal information from being exposed in a data leak and ensure security? You need to be cautious of what information you give and to whom you are providing that, you should always check that the website you are using is secure and the HTTP and locked. Also don’t give your number unless you are fully comfortable. Create strong passwords and do not click on faulty links and emails that you are not sure are safe. (Go with the GUT feeling!). Double or sometimes even triple check on any social media accounts that you no longer use to ensure that the personal details are not exposed to the public or strangers. AVOID CREDIT CARD information over unsecured WIFI networks. Internet is not safe.
Always keep an eye around you and what you share over social media regarding your personal life and information!