Bykea, a renowned bike-hailing application in Pakistan has suffered a massive security breach which has allegedly affected its extensive database.
According to a report published by Safety Detectives, Bykea has seemingly exposed more than 200 gigabytes worth of data. This data includes more than 400 million records of customers which includes their name, addresses, payment information, and other highly personal and sensitive data. This elastic server vulnerability was discovered during a routine a routine IP-address check.
Apparently, the researchers found the link to be extremely easy to hack in to as no password protection was or encryption of any kind was used; anyone with possession of the IP-address of the server could access the database and remove or manipulate its data.
An example data which was retrieved from the server from a customer perspective is given below:
- Full names
- Phone numbers
- Email addresses
Whereas drivers information was not safe from the breach either. Given below is the information that was retrieved:
- Full names
- Phone numbers
- Address
- CNIC (Computerised National Identity Card)
- Driver license numbers, issuing city and expiry dates
- Body temperature
This is not the first time Bykea is on the forefront of a privacy breach, in September 2020, hackers had access to the ENTIRE database of Bykea users and deleted the entire data. Bykea responded by simply saying that the company was keeping regular backups so its services remained unaffected. However several breaches in the same server and exposing sensitive information such as location data and phone numbers is something to be really concerned of.
We have reached out to Bykea for a statement regarding this breach and will update this space accordingly.
Image Source: Pixabay