Dubai-based ride sharing app Careem revealed that it was affected by a cyber-attack, which compromised data of over 14 million customers and 558,000 captains (drivers) in the Middle East, North Africa, Turkey and Pakistan.
In a blog post published by the company on April 23, Careem announced that hackers gained unauthorized access into its system that stored users’ and captains’ (drivers) account information on January 14, 2018. However, the company chose not to reveal the data breach until April 23 since it wanted to conduct a proper investigation and notify people with the most accurate information.
Upon investigation Careem did not find any evidence of fraud or misuse related to the data breach. Names, email addresses, phone numbers and trip data of anyone who signed up for Careem prior to January 14 were stolen. Careem said there was no evidence of the users’ passwords or credit card information being taken.
Although Careem has smoothed any concerns relating to the data breach, analysts have indicated that it could impact consumer confidence.
"The Careem breach of driver and rider account data is extremely concerning,” said Gregg Petersen, Regional Sales Vice President, Middle East and Africa at Veeam Software. “Customers need the confidence and trust that digital transactions and the handling of data will always work as expected.”
The data breach comes as the Middle East gradually warms up to online payments. A study by payment solutions firm Payfort, online transactions in the Middle East grew by 22% in 2016 despite concerns about online security among the users.
However, this is not the first time that a ride hailing app’s online accounts have been stolen. Careem’s local rival Uber also faced a cyber-attack in November 2017 when data of more than 57 million of its users including 600,000 drivers were leaked. The ride-hailing giant only notified it after more than a year. Reportedly Uber paid $100,000 to the 20-year old hacker to destroy the data.
Early this month social networking giant Facebook Inc confirmed that data of up to 87 million users were inappropriately shared with Cambridge Analyatica, a political consultancy that worked on U.S. President Donald Trump’s 2016 election campaign.