Samaa TV

Bykea admits vulnerability in its database but denies any breach

The company has now engaged cybersecurity firms for data protection

SAMAA | Posted: Feb 2, 2021 | Last Updated: 1 month ago


Bykea, the two-wheel ride-hailing service provider, has confirmed that Safety Detectives helped it resolve a vulnerability in its database. However, the white hats, or ethical hackers, were given neither the bounty nor the recognition they deserved, it said.

“It was not a data breach,” said Rafay Baloch, a cybersecurity researcher. “They [Safety Detectives] found a loophole [vulnerability] in Bykea’s servers leading to data exposure.”

Bykea endured a hacking attempt in August 2020, when the company’s data was hacked, but the hackers could do nothing except delete it. The company said the data was restored in 24 hours from the backup.

In November last year, Safety Detectives reported another vulnerability on one of Bykea’s backup logging nodes. The company had it fixed but, as a standard practice, did not recognize it or offer any bounty.

“All big tech companies such as Google have their Vulnerability Disclosure or Bounty programs,” Baloch said. “Bykea has now announced it.”

Baloch criticized Safety Detectives for reporting a vulnerability as if data had been breached. He, however, said that a loophole was pointed out and the data could have been breached. Bykea also confessed that its rider data was not encrypted.

Safety Detectives recently published an article ‘Multimillion-dollar Pakistani delivery company leaks 400+ million files’ on Bykea’s vulnerability. It said that 200GB of data was exposed, not breached.     

Bykea says that its representatives were in touch with Safety Detectives and acknowledged that it helped the Bykea security team resolve the vulnerability.

“Unlike what bloggers in the aftermath of the article on Security Detectives’ site inferred, this was a vulnerability identification, not a breach of data for criminal purposes,” Bykea said in a statement.

“The citation of 400 million files mostly comprises millions of GPS pinpoints that Bykea solicits in tracking over a two-week period in 2020, and drivers can rest assured that national ID data is encrypted now on Bykea.

“Security researchers and teams like Safety Detectives play a crucial role in creating awareness and helping companies all around the world identify and plug their weaknesses, a contribution Bykea explicitly welcomes,” Bykea founder Muneeb Maayr said.

The company said that it has engaged cybersecurity firms, including SecurityWall, which ran pen tests on Bykea’s infrastructure, and has launched a vulnerability disclosure program with HackerOne.

“The company is exploring ways to build ongoing collaborations with ethical hackers to advance their mutual interests of building a secure digital economy protecting personal information,” it added.
