Bykea accepts flaws in its database but denies any breach

Bykea has admitted that Safety Detectives helped it resolve a flaw in its database. However, the management of the ride-hailing application also confirmed that those ethical hackers were given neither the bounty nor the recognition they deserved.

“It was not a data breach,” said Rafay Baloch, a cybersecurity researcher. “They [Safety Detectives] found a loophole [vulnerability] in Bykea’s servers leading to data exposure.”

Bykea faced a hacking attempt in August 2020, when hackers broke into its database but could do nothing more than delete the data. According to the company’s statement, the data was restored from backup in 24 hours.

In November last year, Safety Detectives reported another vulnerability on one of Bykea’s backup logging nodes. The company had it fixed but, as a standard practice, did not recognize it or offer any bounty.

“All big tech companies such as Google have their Vulnerability Disclosure or Bounty programs,” Baloch said. “Bykea has now announced it.”

Baloch criticized Safety Detectives for reporting a vulnerability as if data had been breached. He, however, said that a loophole was pointed out and the data could have been breached. Bykea also confessed that its rider data was not encrypted.

Safety Detectives recently published an article ‘Multimillion-dollar Pakistani delivery company leaks 400+ million files’ on Bykea’s vulnerability. It said that 200GB of data was exposed, not breached.

Bykea says that its representatives were in touch with Safety Detectives and acknowledged that it helped the Bykea security team resolve the vulnerability.

“Unlike what bloggers in the aftermath of the article on Security Detectives’ site inferred, this was a vulnerability identification, not a breach of data for criminal purposes,” Bykea said in a statement.

“The citation of 400 million files mostly comprises millions of GPS pinpoints that Bykea solicits in tracking over a two-week period in 2020 and drivers can rest assured that national ID data is encrypted now on Bykea.”

“Security researchers and teams like Safety Detectives play a crucial role in creating awareness and helping companies all around the world identify and plug their weaknesses, a contribution Bykea explicitly welcomes,” Bykea founder Muneeb Maayr said.

The company said that it has engaged cybersecurity firms including SecurityWall that ran pen tests on Bykea’s infrastructure and launched a vulnerability disclosure program with HackerOne.

“The company is exploring ways to build ongoing collaborations with ethical hackers to advance their mutual interests of building a secure digital economy protecting personal information,” it added.
