banner Expire 1 April  2021
Ad Ends 23 May 2021
Ad Ends 07 March 2021
Ad Ends 06 April 2021
Ad Ends 04 March 2021
What's new
  • Contact : [email protected] for Purchasing Advertisement
  • IF you get SCAMMED by someone please contact me for REFUND : TELEGRAM : @carders_se

Daniel

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
2,679
Reaction score
414
Points
182
Awards
2
  • trusted user
  • Rich User
A popular south Asian delivery company exposed 400 million records containing customers’ personal information via a vulnerable cloud server, according to researchers.

A team from reviews site Safety Detectives found the bug during a simple IP address check on specific ports. It claimed the Elasticsearch server was left wide open with no password protection or encryption, meaning anyone with the server’s IP address could have accessed the database.

The team soon traced the leak back to Bykea, a Karachi-based vehicle-for-hire and delivery company that offers an extensive fleet of “motorbike taxis” which are bookable via smartphone app.

Bykea contacted Infosecurity to clarify that the vulnerability was in one of the firm's "backup logging nodes" and that it was promptly patched before it could be exploited.

According to Safety Detectives, the firm exposed its entire production server, including customers’ full names, phones numbers and email addresses, and drivers’ full names, phone numbers, addresses, license numbers and ID card (CNIC) details. Bykea explained that national ID data is now encrypted.

Also featured in the trove were Bykea employees’ unencrypted passwords and logins.

Other information exposed in the privacy snafu included API logs, delivery and collection location info, vehicle info, GPS coordinates and user device information.

If cyber-criminals were able to get hold of the leaked information it would have armed them with a major haul for carrying out follow-on phishing, identity theft and fraud.

“Full names, residential address details, ID documents like CNIC, online login information and location data could potentially be exploited by nefarious users to target unsuspecting people that registered with the company,” said Safety Detectives.

“Car registration and vehicle data could potentially be used to conduct insurance fraud and other heinous crimes involving stolen identities.”

With employee logins, attackers could also have attempted ransomware and other attacks against Bykea itself.
 
Ad Ends 23 February 2021
banner Expire 1 April  2021
Top