Samaa TV

Bykea admits vulnerability in its database but denies any breach

The company has now engaged cybersecurity firms for data protection

SAMAA | Posted: Feb 2, 2021 | Last Updated: 5 months ago

Photo: Bykea/Facebook

Bykea, the two-wheel ride-hailing service provider, has confirmed that Safety Detectives helped it resolve a vulnerability in its database. However, the white hats, or ethical hackers, were not given either the bounty or recognition they deserved, it said.     

“It was not a data breach,” said Rafay Baloch, a cybersecurity researcher. “They [Safety Detectives] found a loophole [vulnerability] in Bykea’s servers leading to data exposure.”

Bykea endured a hacking attempt in August 2020, when the company’s data was hacked but the hackers couldn’t do anything except delete it. The company said the data was restored from the backup in 24 hours.

In November last year, Safety Detectives reported another vulnerability on one of Bykea’s backup logging nodes. The company had it fixed but, as a standard practice, did not recognize it or offer any bounty.

“All big tech companies such as Google have their Vulnerability Disclosure or Bounty programs,” Baloch said. “Bykea has now announced it.”

Baloch criticized Safety Detectives for reporting a vulnerability as if data had been breached. He, however, said that a loophole was pointed out and the data could have been breached. Bykea also confessed that its rider data was not encrypted.

Safety Detectives recently published an article ‘Multimillion-dollar Pakistani delivery company leaks 400+ million files’ on Bykea’s vulnerability. It said that 200GB of data was exposed, not breached.     

Bykea says that its representatives were in touch with Safety Detectives and acknowledged that it helped the Bykea security team resolve the vulnerability.

“Unlike what bloggers in the aftermath of the article on Security Detectives’ site inferred, this was a vulnerability identification, not a breach of data for criminal purposes,” Bykea said in a statement.

“The citation of 400 million files mostly comprises millions of GPS pinpoints that Bykea solicits in tracking over a two-week period in 2020, and drivers can rest assured that national ID data is encrypted now on Bykea.

“Security researchers and teams like Safety Detectives play a crucial role in creating awareness and helping companies all around the world identify and plug their weaknesses, a contribution Bykea explicitly welcomes,” Bykea founder Muneeb Maayr said.

The company said that it has engaged cybersecurity firms, including SecurityWall, that ran pen tests on Bykea’s infrastructure, and that it has launched a vulnerability disclosure program with HackerOne.

“The company is exploring ways to build ongoing collaborations with ethical hackers to advance their mutual interests of building a secure digital economy protecting personal information,” it added.
