Bykea, a popular ride-hailing, mobility, and delivery app used by many Pakistanis, experienced a disturbing hacking incident on Tuesday, causing widespread concern among users.

The ordeal began when users started receiving highly inappropriate text messages, alarming and unsettling them. Bykea promptly addressed the issue and issued an apology for the offensive messages.

According to the company, the messages were sent through a compromised third-party communication tool. The first notification, containing inappropriate language, appeared on users’ screens around 12:10 pm, followed by another notification approximately 40 minutes later, informing users in Urdu that the app was still hacked.

Speaking to The Express Tribune Bykea, CEO, Muneeb Maayr revealed that a laptop belonging to a Bykea employee in their Karachi office was accessed from outside the country. The compromised third-party tool lacked two-factor authentication, allowing the hackers to breach the system and gain access to the application. However, Maayr refrained from disclosing the name of the compromised tool.

Following the incident, Bykea issued a statement expressing apologies for the inappropriate messaging. They confirmed that the breach occurred through a third-party communication tool, and their team has successfully restored the app. Bykea assured users in a statement that their app and data remain safe and secure. If users encounter any issues, the company encouraged them to reach out to their helpline.

Cybersecurity expert Etizaz Mohsin confirmed to the Express Tribune that a third-party application used by Bykea for managing notifications was hacked, leading to users receiving notifications that appeared to originate from Bykea. Mohsin emphasised the importance for product companies to enhance their security controls to prevent such incidents. Implementing stronger and more effective security measures can significantly reduce the risks of unauthorised access and breaches, he said.

While some netizens speculated that the messages originated from India based on their content, the CEO did not mention any specific country. He stated that the language and Roman spelling used in the messages did not align with what is commonly used in Pakistan.

Bykea took immediate action by disabling the compromised software and announced plans to adopt an alternative tool with a two-factor authentication system.

The ride hailing company’s CEO highlighted that hackers target software of companies either to steal money or to insult the company. In this case, the attempt seems to indicate that “Bykea has become a representation of Pakistan”, making it a target for the hackers to express their hatred against the country. “They thought they would reach out to more through Bykea software,” he said.

Regarding the safety of user data, Bykea stated that they only keep encrypted mobile numbers, while credit card data is managed by Bank Alfalah. Maayr assured customers that there is no need to worry as the situation is under control.

Looking ahead, Bykea intends to position itself as a national security app and make appropriate arrangements to ensure the highest level of security for its users, he said.

Published in The Express Tribune, June 14^th, 2023.

Like Business on Facebook, follow @TribuneBiz on Twitter to stay informed and join in the conversation.