Careem hacked, 14 million users’ personal data stolen by massive cyber-attack

Careem, the ride-hailing company recently informed the public that it has identified a massive cyber-attack involving the unauthorized access to the system where all the company’s data was stored. The hack has reportedly compromised the data of 14 million riders and 558,000 captains. The stolen data includes the usernames, email addresses, phone number and the trip data.

Surprisingly, the security breach didn’t happen just now, in fact, Careem got aware of the illegal access back on January 14th. The company claims that it waited until now to publicize the incident because it “wanted to make sure we had the most accurate information before notifying people.”

Also, as per the reports, the users who signed up after this date are unaffected as at the time of the attack their data wasn’t present on the company’s system.

Even though the official blog post states, “we have seen no evidence of fraud or misuse related to this incident”, and that “there is no evidence that your password or credit card number have been compromised,” the company and the security experts still recommend to immediately take the precautionary measures.

While Careem is busy is conducting investigations and improving its security along with the help of cyber-security experts as it claims, the company has suggested the users follow these steps:

• Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites.
• Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information
• Avoid clicking on links or downloading attachments from unfamiliar emails
• Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank

The ride-hailing company has apologized and promised to strengthen their security to properly protect the trusted user data.

“While no organization is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us.
We apologize for what has happened but rest assured, Careem has learned from this experience and will come out of it a stronger and more resilient organization.”

But it seems that the users are not much forgiving about their personal data and why should they be? Many people have tweeted about the matter showing their lack of trust in these services for the data protection. Most of the public is angry about the company informing the public months after the breach.

Here are some of the tweets:

As aforementioned, it is strongly advised that you take the necessary steps for your own protection. For any queries, you can contact Careem’s team at securityupdate@careem.com.

How do you feel about this security breach? Would you still give Careem a chance? Let us know in the comments below.