
Careem has identified an incident involving unauthorised access to customer data - abdullahdiaa
https://blog.careem.com/en/stories/uae/ksa/security/
======
pcx
It is ingenuine on their part to not report how detailed the trip data they
have is. Trip data could easily show Users' home/office locations, their daily
travel patterns, their kid's daycare and whatnot. This kind of knowledge can
be extremely dangerous if it falls into the wrong hands. Careem should be more
straightforward about this and explain the consequences, rather than slyly
gloss over the most dangerous part of the breach by mentioning only two effing
words about it.

~~~
netsharc
They also have only said when they figured out the breach, but not when the
breach was. It could have happened a day before January 14th, or 3 months
before January 14th. The difference is how much trust I would give them.

Interestingly they said the breach was done by "online criminals". Do they
know, or do they automatically assume that people illegally accessing systems
are criminals?

~~~
i_cant_speel
> Do they know, or do they automatically assume that people illegally
> accessing systems are criminals?

I'm not sure what distinction you are trying to make here. The fact that they
are doing something illegal makes them criminals.

~~~
na85
>The fact that they are doing something illegal makes them criminals.

Not in all countries. In Canada at least, plenty of things are against the law
(illegal) but do not constitute a criminal offence.

I'm not committing a crime when I break the speed limit almost every day on my
way to work, but what I'm doing is still illegal.

~~~
thisacctforreal
Poor example, just a week ago a 19-year-old had his family's house raided for
him scraping documents from a public gov't website.

https://evandentremont.com/some-information-on-the-freedom-of-information-hack/

------
__bee
Funny part! I wanted to delete my Careem account. I could not do that. I
cannot delete my account.

https://help.careem.com/hc/en-us/articles/115008681747-How-do-I-delete-an-account-

~~~
reallymental
"A Careem account cannot be deleted as every account detail can only be used
once." - uh what?

So they've hashed your account details. They won't delete this. Great

------
tzahola
Cmd+F "seriously"

"We take the protection of our customers and captains’ data very seriously."

~~~
nuclearcookie
Exactly what I did when I opened the page.

------
amingilani
Well now.

_What customer account data was stolen?_

_Customers’ name, email address, phone number and trip data._

------
stevekemp
The compromise was identified on January 14th, and the announcement took three
months? That's a pretty appalling timeline.

------
thawab
A friend, who had a job interview with Careem, told me I should use a
different mobile number and name if I'm using their service. Glad I followed
his advice.

------
thrillgore
>January 14

Thanks for not telling anyone sooner.

------
techwizrd
Why is Uber included in the title here? It makes it seem like Uber was
involved. I think the title should mention, at most, that Careem is a Middle
Eastern ridesharing company.

~~~
thesimon
Ridesharing could also include long-distance ride-sharing like BlaBlaCar.
Since Uber-for-X has become a thing, I don't think including Uber in the title
is a bad thing.

------
thisisit
I know it's difficult to find an appropriate title but wouldn't -

"Careem, ridesharing company/app in the Middle East"

work better than calling out Uber?

------
GrumpyNl
Nothing to see here, it's a minor breach.

~~~
ckastner
Trip data can contain _extremely_ sensitive information.

~~~
hyder_m29
They are also unsure whether passwords or credit card details were stolen.

------
ScalaForever
Wonderful, hacking often means dumping one data store due to sec problem with
it (think 90s-SQL-injection).

I assume trip data was stored in the same system as emails - so both got
hacked. Minor security considerations would put those in different systems and
not store together.

