The popular two-wheel ride-hailing service provider Bykea has confirmed that Safety Detectives helped it resolve a vulnerability in its database after 200 GB worth of its database was exposed in a security breach containing more than 400 million records.
Bykea, has faced a major security breach that has allegedly affected its extensive database. Bykea has apparently revealed more than 200 gigabytes of data, according to a study released by Safety Detectives.
This data covers over 400 million customer records, including their names, addresses, payment information, and other extremely confidential and personal information. During a routine IP-address test, this elastic server vulnerability was noticed.
The researchers apparently discovered that the connection was extremely simple to hack into because no password protection or encryption of any sort was used; anyone with the server’s IP address could access the database and delete or modify its data.
Below is an example of data that was collected from the server from a customer perspective:
- Full names
- Phone numbers
- Email addresses
However, the data of the drivers was also not protected from the hack. Below is the data that was retrieved:
- Full names
- Phone numbers
- Address
- CNIC
- Driver license numbers, issuing city and expiry dates
- Body temperature
Meanwhile, this is not the first time that Bykea is at the center of a data leak. Back in September 2020, hackers had access to the Bykea users’ complete database and removed all the data.
Bykea replied by merely stating that daily backups were maintained by the organization so that its services remained unchanged. However, it is really about multiple breaches on the same server and disclosing confidential data such as location data and phone numbers.
Bykea has now released a clarification in response to the data leak article posted by the Security Detectives, explaining that the report reported by the review website was a vulnerability detection, not a violation of stolen data for criminal purposes.
The citation of 400 million files mostly includes millions of GPS pinpoints requested by Bykea to monitor over a two-week period in 2020, and drivers can rest assured that Bykea now encrypts national ID data.
The delivery service said the company had engaged multiple security firms, including Security Wall and HackerOne, to strengthen their systems’ security and create a safe digital economy to safeguard their customers’ personal information while offering new services to them.
Source: Safety Detectives
