Bus-sharing app Swvl hit with security breach; names, numbers of users compromised

Company says hackers did not access passwords, credit card information

LAHORE: Popular bus-sharing service Swvl on Tuesday disclosed that it had suffered a security breach in which customer data, including names, email addresses and phone numbers, was compromised.

“We wish to inform you that our team recently identified a security breach that involved unauthorised access to our systems,” Swvl said in a note to its users on the company’s website.

A security breach occurs when an intruder gains unauthorised access to an organisation’s protected systems and data. Cybercriminals or malicious applications bypass security mechanisms to reach restricted areas. A security breach is an early-stage violation that can lead to things like system damage and data loss.

The company disclosed that the unauthorised access to its system took place on the evening of July 3. “The investigation into the breach was still underway,” the company said in its note which was last updated on July 6. 

Swvl is an Egyptian bus transportation network company based in Cairo that was founded in April 2017 by Mostafa Kandil. It operates buses along fixed routes and allows customers to reserve and pay for them using an app, with operations in Egypt, Kenya and Pakistan in the Middle East and North Africa (MENA) and Africa regions.  

In Pakistan, Swvl has operations in Karachi, Lahore and Islamabad. In an announcement in November 2019, the company committed $25 million investment to expand its operations in Pakistan.

It is unclear how many users were affected by the breach. The company did not say whether the breach affected users in all the countries where it operates or was limited to a specific geography.

Swvl said that, as per its investigation, sensitive information like passwords and credit card information was not affected or exposed. It also signed all customers out of their accounts as a precautionary measure.

“Furthermore, the vulnerabilities have been addressed, and we are working tirelessly to make sure this doesn’t happen again, including deploying further additional security measures. As soon as we became aware of the breach, we launched an internal investigation to determine the cause of the security breach,” said the company. 

“At the same time, we also engaged with leading cybersecurity experts to help us resolve the data breach and strengthen our security systems,” it said.

Profit reached out to Swvl to understand the extent and impact of the breach in Pakistan. No response had been received by the time this report was filed.

Security breaches like these are not uncommon. In 2018, hackers accessed the names, email addresses, phone numbers and trip data of users of popular ride-sharing service Careem. The company had also denied that any passwords or credit card information was accessed by hackers.

In 2016, ride-sharing service Uber had disclosed that hackers had stolen the personal information of about 57 million customers and drivers. According to reports, Uber had discovered the data breach in late 2016 and then waited to disclose the news almost a year later.

Taimoor Hassan
The author is a staff member and can be reached at [email protected]


  1. Mr. Mostafa Kandil your initiative to the Capacity Building is well appreciated. SWvL. The Digitised Mobility/Transport Surface, Rail, Buses, Commuters, for services in Pakistan. Hybridisation On Line Complaint status. As you know several initiatives are under way which includes CPEC (China Pakistan Economic Corridor) hybridisation between railways and public transport, the new potential offered by Driverless Trains, the Internet of Things, smart maintenance. The railways need a suitable system to circulate these ever increasing communication flows. The CEPEC had founded peace, development with a win – win model for Pakistan China, in addition to all countries of the region. In view of the upcoming challenges comforts of relief with Digitisation, CEPEC. I suggest to consider accepting ticket from the kiosk of SWvl the bearer should buy a token/ticket for a ride for Seniors, people without smart device to broad usage of service for aged, and PWD.

  2. Trust the security breach issue is resolved. The Sindh Government will by itself provide you all support during Covid-19 compliance, with related subsidies for fuels petroleum/diesel again getting shorter. The Honorable CM Sindh will be very happy/and will support your initiative. Best wishes
