Following Uber’s massive breach revealed in 2017, another ride-hailing app has been compromised — Dubai-based Careem. The incident, affecting 14 million riders, involved access to Careem’s data storage system, compromising names, email addresses, phone numbers and trip data for anyone who signed up for the app before Jan. 14, 2018. There is currently no evidence that the hackers accessed passwords or credit card information.
Setu Kulkarni, VP of Corporate Strategy at leading application security provider WhiteHat Security, has analyzed the attack below.
“This incident reaffirms that we’re never out of danger from a data breach of our personal information. As online platforms rapidly and successfully connect consumers to service providers – these platforms are becoming treasure troves of personally identifiable information. Unfortunately, in the pursuit of time to market and rapid user adoption, not enough attention is paid to application security. WhiteHat Security’s annual Application Security Statistics Report looks at ‘windows of exposure’ across industries each year. What is consistently alarming is the high rate of applications that are ‘always vulnerable,’ which means an application is vulnerable on every single day of the year. In the transportation industry, 33% of applications are always vulnerable. Additionally, as more apps are developed and utilized, there are more and more points of entry that need to be secured.
While Careem hasn’t provided specific details on the cause of this cyber incident, one potential cause could be that a vulnerable backend API allowed the unauthorized access. While reacting to the incident in the way Careem has done is absolutely the right thing to do, it is also important to take a proactive approach to application security by testing all digital assets–be it web, mobile or APIs–throughout their development lifecycle. It’s also important to provide adequate and appropriate training and education to foster meaningful collaboration between IT/Ops and security teams to understand and prioritize how to mitigate risk. Comprehensive security testing and training along with continuous assessment of production assets could make such massive breaches a thing of the past.”
Dubai-Based Ride Hailing App Careem Breached, Affecting 14M