Friday, 23 August, 2019
Careem users' personal data compromised in massive data breach

Ride-hailing service Careem on Monday warned users that their personal data had been compromised in a massive cyber-security breach.

The breach affects all customers and captains who signed up with the service before January 14, 2018. Users who signed up with the service after that date have not been affected, Careem said in an emailed statement.

Responding to questions, a representative from Careem's global press team said that at the time of the data breach, there were 14 million customers and 558,000 captains active on the system across 13 countries.

The company separately reported that sensitive information like customers' names, email addresses, phone numbers and trip history data (pick-up and drop-off points) had been stolen by hackers.

However, "there is no evidence that your password or credit card number have been compromised," Careem assured its users. "Customers' credit card information is kept on an external third-party PCI-compliant server," Careem claimed.

Careem did not comment on the origin or nature of the cyber security breach. In response to a query, it simply said: "We do not know the identity of the hacker."

What you can do to protect yourself

The company recommended that users take the following steps to safeguard their personal information:

"Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites," the handout read.

In addition, users were advised to "remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information"; to "avoid clicking on links or downloading attachments from unfamiliar emails"; and to "continue to review bank account and credit card statements for suspicious activity."

"If you see anything unexpected, call your bank," the statement read.

Steps taken by Careem

A Careem representative told Dawn.com that as soon as the breach was detected, "an internal security team engaged leading cybersecurity experts to investigate the issue and strengthen our security systems to protect us against further attack."

"Specifically, we have introduced enhanced monitoring capabilities across our infrastructure that allow us to detect and respond quickly to security issues, as well as upgrading access controls for our users using market-leading, multi-factor authentication procedures."

"While we feel our response has been robust, we are also implementing a further programme of updates to further develop our security capabilities over coming months," read the statement.

"Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences," the company said.

Responding to a query regarding the possible repercussions of the leaking of personal data and trip histories for journalists, politically exposed persons, social activists and other marginalised groups and what is being done to address the matter, the company simply said: "This is an ongoing investigation with law enforcement agencies, so we’re limited in the details we can provide at this time. Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. We’ve seen no cases of fraud or misuse tied to the incident."

When asked if Careem was aware of any attempt to sell or ransom the data acquired by the hackers, the representative only repeated: "We’ve seen no cases of fraud or misuse tied to the incident."

Possible extortion attempt?

The breach closely echoes an incident involving Careem rival Uber, which was hit by a similar data breach in October 2016.

"Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc, a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers," Bloomberg had reported on November 22, 2017.

"Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world," the company had told Bloomberg.

The personal information of about seven million drivers was accessed as well, including some 600,000 US driver’s license numbers, Bloomberg had reported.

In Uber's case, however, users' trip history data had not been compromised.

Careem, which launched in Pakistan in March 2016, has since become one of the most popular ride-sharing services in the country.
