DUBAI: Popular ride-hailing app Careem was hit by a cyber attack that compromised the data of 14 million users including those using the service in Pakistan.
The company learned of the breach, in which access was gained to a computer system that stored customer and driver account information, on January 14, it said in statement.
Names, email addresses, phone numbers and trip data were stolen, though there was no evidence that passwords or credit card information – held on external third-party servers – were compromised, the company said.
Careem was launched in Pakistan in March 2016 and has since become one of the most popular ride-sharing services in the country.
What you need to do first?
The company has recommended to users the following steps to safeguard their personal information:
“Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites,” the handout read.
In addition, users were advised to “remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information”; to “avoid clicking on links or downloading attachments from unfamiliar emails”; and to “continue to review bank account and credit card statements for suspicious activity.”
“If you see anything unexpected, call your bank,” the statement read.
Dear Customers, we have identified a cyber incident that took place in January 2018 involving unauthorized access to the system we use to store data. Our wider security protocol keep passwords encrypted and credit card details on a separate system. pic.twitter.com/rkcpf671ct
— Careem (@careem) April 23, 2018
At the time of the attack, Careem had 14 million customers and 558,000 drivers on its platform operating in 78 cities across the region, a company spokesman said. Users who have signed up since the attack were not affected.
The company apologized to its users, saying it “has learned from this experience and will come out of it a stronger and more resilient organization”.
News of the attack comes at a sensitive time for Careem, as it tests investor appetite for a bid to raise as much as $500 million to fund new business lines. It completed a funding round of the same amount last year.
Careem, founded in 2012, already counts Saudi Arabia’s Kingdom Holding, German carmaker Daimler and Chinese ride-hailer DiDi Chuxing among its investors.
The company has previously said it is targeting profitability in the second half of 2018. It has also said that an initial public offering is an option under consideration.