Delivery Company Leaked 400m Files

An antivirus review website, Safety Detectives, has claimed that Bykea, an online delivery service operating in Pakistan, leaked more than 400 million files in a major data breach affecting its extensive user database. The Safety Detectives cyber security team discovered an elastic server vulnerability during routine IP-address checks on specific ports.

Bykea is a five-year-old logistics and cash-on-delivery payments company operating out of Karachi, Rawalpindi and Lahore. It offers transportation, logistics and cash-on-delivery services to millions of residents in the three cities. Tens of millions of Pakistanis rely on the company for vehicle-for-hire services and book their orders via Apple and Android apps.

The 200GB database containing 400 million records was located on a production server that stores regularly updated data, including internal logs that include user details. The investigating team discovered that Bykea had exposed all its production server information and allowed access to a database showing people’s full names, locations, and other personal information that hackers could use to cause financial and reputational damage.

In September 2020, Bykea suffered a separate breach, during which unidentified hackers reportedly deleted the company’s entire customer database. At the time, Bykea said it was unaffected by the intrusion because it kept regular backups.

Bykea’s CEO Muneeb Maayr described the cyberattack as “nothing out of the ordinary” given that Bykea is a mobility-based tech firm. It remains unclear whether this latest breach is related to the hack in September.

The company is an on-demand logistics provider that has embraced mobile demand and ubiquitous internet connectivity to fuel its rapid growth in recent years. Bykea also operates as a vehicle-for-hire and parcel delivery company and maintains a software app offering users access to all its services via Google Play and App Store.

The company raised almost US$6 million from private investors in 2019 and followed up by raising a further US$11 million this year. In total, Bykea has raked in US$22 million in private equity from notable investment groups such as Prosus Ventures, Middle East Venture Partners (MEVP) and Sarmayacar since 2016.

Update: Bykea has now issued a clarification saying that the report published by the review website was "a vulnerability identification, not a breach of stolen data for criminal purposes. The citation of 400 million files mostly comprises millions of GPS pinpoints that Bykea solicits in tracking over a two week period in 2020 and drivers can be rest assured that national ID data is encrypted now on Bykea".

Sources: Safety Detectives, Bykea, TEISS, Mashable, Defence.pk
