Swvl reveals security breach; names, email addresses and phone numbers of customers accessed by unauthorized party

Swvl was hit with a security breach that compromised its user data including names, email addresses and phone numbers of the customers, the bus-hailing company announced on Monday.

“On the evening of 3rd July 2020, Swvl became aware of unauthorized access to our system. The investigation into the breach is still underway, but at this stage, it is clear that the data which was compromised is restricted to names, email addresses, and phone numbers,” noted the company’s announcement adding that their investigation has ensured that the passwords and credit card information of the users were not affected or exposed.

Swvl did not say if the breach affected all its users but it has logged out all its users from their accounts as a precautionary measure.

The company that operates its bus-hailing services across Egypt, Kenya & Pakistan said that it has addressed all the vulnerabilities and is taking different measures to ensure it doesn’t happen again.

The statement by the company also explained that its specialist teams immediately began investigating the incident, prioritizing customer details’ protection and the security of the company’s IT systems.

“We have assembled a team of technology and security specialists with world-class skills specializing in incidents such as these. We immediately identified and addressed specific vulnerabilities that our IT infrastructure may have had, ensuring our customers’ data integrity. Our team of IT and security personnel have devoted all their efforts around the clock to ensure that we live up to our responsibility to protect our customers and their details,” noted the statement.

In addition to logging users out, Swvl said it has regenerated all access keys to its systems and infrastructure, reviewed all access privileges, reviewed all firewalls and access controls, and strengthened [different] areas of its system to increase its security and resistance to attacks.

The Dubai-headquartered company has advised its users to change the password of their Swvl accounts and any other account where they’re using a similar password. Swvl has also reminded the users that it never emails, calls, or texts them for their personal details, including account passwords.

It is the second high-profile data breach revealed by a consumer-focused tech startup in the Middle East & North Africa. In January 2014, Careem was hit by a cyberattack in which data of 14 million users was stolen by the hacker(s).

We’ve reached out to Swvl to learn more details and will update the story if we hear from them. 

Zubair Naeem Paracha
To Top