Cyber Incident Victim: Bykea
Date: Sep 2020
Location: Pakistan
Summary
Hackers infiltrated a Pakistani mobility company's systems and deleted its entire database, but operational continuity was maintained through existing backups. The attackers, whose access method remains unidentified, potentially sought computational resources for cryptocurrency mining or data theft for ransom; however, their efforts failed once the intrusion was detected, prompting an attempted cover-up through deletion before services were restored within a day.
Description
On September 1, 2020, unidentified hackers infiltrated the systems of Bykea, a Karachi-based vehicle-for-hire and delivery company, deleting its entire database during the early morning hours. The company detected the intrusion promptly, containing the attack before further damage occurred. Bykea’s CEO, Muneeb Maayr, confirmed the breach disrupted services but emphasized that backups prevented data loss. Initial analysis suggested attackers sought to exploit server resources for cryptocurrency mining or to copy data for ransom purposes. Following detection, the hackers reportedly panicked and deleted the database—an action the company characterized as accidental rather than intentional destruction. The incident highlighted the attackers’ failure to achieve their objectives due to Bykea’s operational safeguards. No evidence indicated customer data theft or exfiltration occurred during the breach.

Bykea restored its services by the evening of September 1 despite ongoing efforts to fully reconstruct the deleted database from backups. The company maintained normal operations during recovery, avoiding significant customer impact or reputational damage. Maayr described the attack as routine for a technology-focused mobility firm, though the hackers’ identity and initial access vector remained undetermined. The breach underscored the effectiveness of Bykea’s backup strategy in mitigating data loss risks. No financial demands or external communications from threat actors were reported, and the incident concluded without further escalation. Forensic investigations continued post-restoration to identify vulnerabilities exploited in the attack.
