Careem Data Breach Exposes Data Of 14 Million Users

Careem, a ride-hailing service from Dubai that is operating in 13 countries within the Middle East, North Africa, and South Asia, announced that a data breach exposed the account information of 14 million drivers and riders.

Careem Data Breach

Careem said that it first learned about the data breach on January 14, but it’s only now making the incident public, three months later. The company also didn’t say what type of data was stolen, just that the data belonged to 14 million drivers (“captains”) and riders.

According to Careem, once the company noticed the data breach it engaged with security experts and law enforcement agencies to investigate the hack and secure its systems against future hacks.

Neither drivers nor riders who have signed-up with the company’s service after January 14 were affected by the data breach.

Careem’s Recommendations To Affected Users

Careem can’t do much about the data that was already stolen, so it advised users to:

  • Update your passwords for both the Careem service and for other online services where you may have used the same password.
  • Be cautious about suspicious suspicious emails asking you to click a link where personal information is requested or asking you to download an email attachment
  • Review your bank and credit card statements for suspicious activity

The last one is particularly concerning, because it seems to imply that users’ credit card information was not properly secured or encrypted and that the hackers may have gotten this information and now are able to use it.

Data Is A Target On Companies' Backs

Companies with many users that collect significant amounts of information about those users seem to have become highly appealing targets to malicious hackers. Companies operating over the internet have been aggregating more and more user information over the past few years due to multiple reasons.

One reason is that storage has become cheap enough to essentially store everyone’s data indefinitely. Another reason is that the companies can employ machine learning to gain certain insights into how their customers’ habits. Lastly, in many cases, the companies can also share or sell the data with other companies as another way to increase revenue.

Therefore, gathering as much data as possible on users seems to be almost all upside and no downsides. Even when there is a data breach, in most places regulations are not strong enough to punish the companies for not adequately protecting their users.

Meanwhile, because the data protection bar is set so low, consumers feel that it won’t matter much if they move to another service. In the ride-hailing industry, for instance, Careem competitors such as Uber and Lyft have also suffered data breaches or have allowed their own employees to improperly access user data.

Until online services start treating data gathering more like a liability than an asset, the incentives to keep collecting as much user data as possible likely won’t change.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.