Careem, today, is the largest competitor Uber has in Southeast Asia as well as in the Middle East and it is currently operating in 80 cities and 13 countries in total and was rumored to be worth over 1.2 billion dollars in 2017. But despite its fame and its success, it has fallen victim to hacking just like Uber has. Careem told its users about this breach of privacy via a blog post which went as follows,
“On January 14th of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected.”
image credits: iStock
After this post went up on their blog, it immediately took the media by storm and people started wondering what had actually happened and how far had their information been compromised, after all, most users argued, someone could easily kidnap them if they knew where they were getting on to their Careem ride and where they were getting off and so, because this was not just a privacy concern but a security concern also, people wanted to know how this happened, what exactly was compromised and who was responsible.
Striking information has come to light that indicates that a Pakistani hacker had reported a flaw in their system that could have caused the information leak a total of 18 months ago before this incident in January, the details of which are as follows,
A Pakistani and his team reported a problem to Careem 18 months prior (careem hacked like uber):
image credits: iStock
Shahmeer Amir the acclaimed entrepreneur and CEO of Vieliux, the ethical hacking company, found an open API endpoint, that enabled the leak of user data and other sensitive information about a year and a half prior to the January breach in security that Careem has just recently experienced. According to Shahmeer Amir, who along with his team took on the challenge of hacking the careem database through the vulnerability they discovered, found out that it was possible to exploit the open API endpoint and through it anyone who wanted to, could acquire all the information they needed about a user of Careem or a Captain. They pointed out two factors that they believe caused this problem.
He says that “I reported it to them 18 months ago, they did not patch it up. Careem says that this is not the flaw behind this breach, but I think this flaw may have aided the breach.”
Note: All information has been given to Born Realist by Shahmeer Amir and Vieliux, careem data breach happened because of careem’s cyber attack. If you want to know how to work with careem through the careem captain portal, contact them through their site. The careem helpline is also always available if you face any issues.
Vieliux believes that two causes may have contributed to hacking (careem hacked like uber):
image credits: iStock
One, as pointed out in the open API endpoint, which the team reported would produce all the addresses and personal information if it was brute forced.
The other was the lack of entropy in Careem’s booking ID’s.
Careem did not respond immediately (careem hacked like uber):
image credits: iStock
The Vieliux team reports that they informed Careem about this breach at the time of discovery but did not get any reply, they even went as far as to message their twitter account but Careem remained unresponsive for an entirety of 18 months before the breach occurred and several people were victim to the January hacking that led to the loss of important information. It was only after this happened that Careem responded to Vieliux and asked them to fix the breach which they assured Vieliux was not what caused the breach in the first place.
What does one do about the breach? (careem hacked like uber)
image credits: iStock
As Careem has mentioned people who have installed the app and created their accounts after the breach are not affected by it but people who have had their accounts before the January of this year should follow instructions given by Careem and should keep their accounts in check and should also change their passwords.
Note: All information has been given to Born Realist by Shahmeer Amir and Vieliux, careem data breach happened because of careem’s cyber attack. If you want to know how to work with careem through the careem captain portal, contact them through their site. The careem helpline is also always available if you face any issues.
What is Careem doing to solve this issue? (careem hacked like uber)
image credits: iStock
In their own statement, they have said that “it is our responsibility to be open and honest with you and to reaffirm our commitment to protecting your privacy and data.” and by revealing the breach they have clearly shown conviction and purpose and are possibly on the road of making sure all its users privacy concerns are heard and taken care off accordingly.
Note: All information has been given to Born Realist by Shahmeer Amir and Vieliux, careem data breach happened because of careem’s cyber attack. If you want to know how to work with careem through the careem captain portal, contact them through their site. The careem helpline is also always available if you face any issues.