

Severity
High
Analysis Summary
The famous ride-hailing app Bykea has experienced a security breach in which the app issued notifications that were abusive toward Pakistan. The incident has raised concerns because the app holds the personal data of millions of Pakistanis.
The breach adds to the growing list of data breaches affecting organizations in Pakistan and highlights the need for improved cybersecurity measures in the region. Bykea, a multi-million dollar company offering transportation and delivery services, has unfortunately become a victim of this breach.
The notification was shown as:

The mobile app displayed the same notice but was still functional. It is reasonable to assume that the compromise was used only to display a message to everyone and did not disrupt anything.
According to the information received, the attempt was most likely directed at Bykea’s marketing communications tools, which are in charge of sending push alerts to customers. Typically, this is a third-party product.
“We apologise for the inappropriate messaging sent through Bykea. We can confirm that this was a third party communication tool which got compromised. Our team has restored it and the Bykea app is fully functional and safe to use. If users are facing any issues, we are available on our helpline,” reads the official statement from Bykea.
The specific details of the breach are undisclosed. The incident reflects the evolving threat landscape and the risks faced by digital companies, and it underscores the importance of increased awareness and proactive measures to address cyber threats. Collaboration between governments, businesses, and individuals is essential in developing and implementing stringent security protocols to safeguard sensitive data. Regular security audits, employee training, and adopting best practices are crucial steps organizations should take to strengthen their defenses against potential cyberattacks.
Impact
- Reputational Damage
- App Defacement
Remediation
- Stay vigilant and monitor public-facing assets.
- Keep a close watch on any application that uses a notification mechanism.
- Maintain an up-to-date inventory of all third-party dependencies used in your web application to have a clear understanding of the code you are incorporating.
- Regularly analyze and assess the security of your dependencies using automated tools or resources like vulnerability databases to identify potential risks.
- Evaluate the severity and relevance of detected vulnerabilities to determine the appropriate course of action, considering factors such as available fixes, implementation effort, and potential impact.
- Take necessary actions to mitigate identified risks, including applying available fixes, collaborating with dependency authors/vendors, and implementing workarounds or mitigation strategies to minimize vulnerability exploitation.
- Ensure that data transmitted between your system and the third-party integration is encrypted using secure protocols (e.g., HTTPS) to protect it from interception or tampering.
- Set up monitoring systems to detect any suspicious or anomalous behavior related to the third-party integration. Monitor logs for any signs of unauthorized access attempts or unusual activity.
- Develop an incident response plan that includes specific procedures for addressing security incidents related to third-party integrations. This plan should outline steps for containment, investigation, and communication in the event of a breach or vulnerability.
- Consider partnering with external security experts or consultants to conduct independent assessments, penetration tests, or security audits. Their expertise can provide valuable insights and recommendations for enhancing your security posture.
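
As an illustration of the monitoring item above, the following added example (not part of the original advisory and not Bykea's or any vendor's code) checks push-send audit records from a third-party messaging tool against a baseline of approved senders, templates, networks and send hours. The JSON-lines log format, field names, baseline values and sample records are all assumptions constructed for the example.

```python
import json
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed audit records in a hypothetical JSON-lines export format.
SAMPLE_LOG = """\
{"ts": "2024-01-10T10:15:00+05:00", "actor": "svc-campaigns", "ip": "10.0.4.12", "template": "promo-ride-20", "audience": 40000}
{"ts": "2024-01-10T18:30:00+05:00", "actor": "svc-otp", "ip": "10.0.4.20", "template": "otp-login", "audience": 1}
{"ts": "2024-01-11T02:41:00+05:00", "actor": "svc-campaigns", "ip": "203.0.113.77", "template": null, "audience": 5200000}
{"ts": "2024-01-11T11:05:00+05:00", "actor": "intern-test", "ip": "10.0.9.3", "template": "promo-ride-20", "audience": 12}
"""

# Baseline for the integration (every value here is an assumption).
APPROVED_ACTORS = {"svc-campaigns", "svc-otp"}
APPROVED_TEMPLATES = {"promo-ride-20", "otp-login"}
TRUSTED_NETS = [ip_network("10.0.0.0/8")]
SEND_HOURS = range(8, 22)    # local hours in which sends normally happen
BROADCAST_SIZE = 1_000_000   # audience size treated as a push to everyone


def review_send(event):
    """Return the reasons one push-send record deviates from the baseline."""
    reasons = []
    if event["actor"] not in APPROVED_ACTORS:
        reasons.append("unknown actor")
    if not any(ip_address(event["ip"]) in net for net in TRUSTED_NETS):
        reasons.append("untrusted source IP")
    if event["template"] not in APPROVED_TEMPLATES:
        reasons.append("free-text or unapproved template")
    if event["audience"] >= BROADCAST_SIZE:
        reasons.append("broadcast-sized audience")
    if datetime.fromisoformat(event["ts"]).hour not in SEND_HOURS:
        reasons.append("outside normal send hours")
    return reasons


def flag_sends(log_text):
    """Parse the audit log and return (timestamp, reasons) for each anomaly."""
    flagged = []
    for line in filter(str.strip, log_text.splitlines()):
        event = json.loads(line)
        reasons = review_send(event)
        if reasons:
            flagged.append((event["ts"], reasons))
    return flagged


if __name__ == "__main__":
    for ts, reasons in flag_sends(SAMPLE_LOG):
        print(ts, "->", ", ".join(reasons))
```

A record that trips several checks at once, such as a free-text broadcast from an untrusted address, is a candidate for paging rather than a ticket, and for revoking the integration's API credentials while it is investigated.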