Delivery Company Leaked 400m Files

An antivirus review website named Safety Detectives has claimed that the online delivery service, Bykea, operating in Pakistan has leaked more than 400 million files after facing a major data breach affecting its extensive user database. The SafetyDetectives cyber security team discovered an elastic server vulnerability during routine IP-address checks on specific ports.

Bykea is a five-year-old logistics and cash on delivery payments company operating out of Karachi, Rawalpindi and Lahore which offers transportation, logistics and cash on delivery services to millions of residents in the three cities. Tens of millions of Pakistanis rely on the company for vehicle-for-hire services and book their orders via Apple and Android apps.

The 200GB database containing 400 million records was located on a production server that stores regularly updated data including internal logs including user details. The investigating team discovered that Bykea had exposed all its production server information and allowed access to a database showing people’s full names, locations, and other personal information that could potentially be harnessed by hackers to cause financial and reputational damage. 

In September 2020, Bykea suffered a separate breach, during which unidentified hackers reportedly deleted the company’s entire customer database. At the time, Bykea said it was unaffected by the intrusion because it kept regular backups.

Bykea’s CEO Muneeb Maayr described the cyberattack as “nothing out of the ordinary” given that Bykea is a mobility-based tech firm. It remains unclear whether this latest breach is related to the hack in September.

The company is an on-demand logistics provider that has embraced mobile demand and ubiquitous internet connectivity to fuel its rapid growth in recent years. Bykea also operates as a vehicle-for-hire and parcel delivery company and maintains a software app offering users access to all its services via Google Play and App Store.

The company raised almost US$6 million from private investors in 2019 and followed up by raising a further US$11 million this year. In total, Bykea has raked in US$22 million in private equity from notable investment groups such as Prosus Ventures, Middle East Venture Partners (MEVP) and Sarmayacar since 2016.

Update: Bykea has now issued a clarification saying that the report published by the review website was a "a vulnerability identification, not a breach of stolen data for criminal purposes. The citation of 400 million files mostly comprises millions of GPS pinpoints that Bykea solicits in tracking over a two week period in 2020 and drivers can be rest assured that national ID data is encrypted now on Bykea".

Safety Detectives:       Bykea:      TEISS:     Mashable:        Defence.pk 

You Might Also Read:

Personal Data Of 115m Pakistanis For Sale:

 

« Bezos Resigns As Amazon CEO
Cybersecurity Training: Upskilling Employees Is A Must »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

AU10TIX

AU10TIX

AU10TIX’s smart forensic-level ID authentication technology links physical and digital identities, meets compliance mandates, and ensures your customers know their trust and safety come first.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

Trisul Network Analytics

Trisul Network Analytics

Trisul helps organizations deploy full spectrum deep network monitoring which can serve as a single source of truth for performance monitoring, security analytics, threat detection and compliance.

Route1

Route1

Route1 is an advanced provider of secure data intelligence solutions to drive your business forward.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

Firesand

Firesand

Based in Milton Keynes, Firesand Ltd provides penetration testing services to improve your cyber security and protect your company against hackers.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.