Careem announced today that it was the victim of a cyber-attack that compromised the data of its clients and employees.
Dear Customers, we have identified a cyber incident that took place in January 2018 involving unauthorized access to the system we use to store data. Our wider security protocol keep passwords encrypted and credit card details on a separate system. pic.twitter.com/rkcpf671ct
— Careem (@careem) April 23, 2018
Few weeks ago, Daniyal Nasir from Karachi, Pakistan diged into the Careem Application to test for the security issues and found the most critical vulnerabilities in their applications by which he was able to access over 1.4 million customer’s confidential information of Careem.
He was able to get all the Information of Careem includes all the Driver’s Email, Name, Mobile Number, ID CardNumber, Trips, Payment Information, even their Pictures. Not only drivers, but also the details of all the Cars registered in Careem even their Car Registration Number.
Daniyal Nasir tried to reach the Careem appropriate team to discuss about these vulnerabilities but he received no response other than a generic reply.
In the past the data of PakWheels and Zameen users were also compromised and made available online.