Pakistan’s Top Automotive Community Failed to Protect its Users’ Data
PakWheels – the most popular automotive community online in Pakistan, via email notifications, told its users about a security breach they recently discovered in their platform. The community administration advised their users to change their passwords for security purposes.
Although PakWheels didn’t disclose any further details about the security breach and about how much damage it actually had caused the community or its users’ data, HackRead – a platform for hacking news, claimed that the security breach in the community caused over 674,775 users’ data to be stolen that included their names, emails, mobile numbers, encrypted passwords and facebook sessions.
In the email, PakWheels kept the vBulletin – one of the most used forums software that was in use by the community, as responsible for the vulnerability which was fixed soon but admitted that the breach may have exposed some user data/information to third party.
“We recently came across a security breach in our forums software, which may have exposed some user information to a third party. The security breach was due to a known vulnerability in vBulletin – the forum software used by PakWheels.com. The vulnerability was fixed as soon as it was found to secure the forums again.” the email reads exactly. “However, it is recommended that you change your account password to ensure security of information at your end.”
HackRead also revealed that the breach in the community actually happened before the month of October 2016, but not so recently as disclosed by PakWheels in the email. In fact it can be confirmed from LeakedSource website easily that the breached data was listed in their database on approximately September 11th.
Check if your Email Address was included in the breach:
Following screen grab was taken from LeakedSource when searching for an email address. So you don’t need to concentrate on 1 result found.
If you had signed up with PakWheels, you can just head over to LeakedSource’s database and search for your email address, name or phone number to know if it was included in the recent breach. But the serious thing is that this data is public and Google has already indexed this information which can also be searched easily if you have played with Google search tricks.
Even though searching LeakedSource can give you above information, the database has not yet added “PakWheels” in their list of hacked websites. Once added, they will also add the total number of effected users. For now you can rely on the numbers given of HackRead.
PakWheels Reach and Popularity
Currently ranked number 66 on Alexa, PakWheels was first started in 2003 as a community forum for discussions about automotive in the country and later expanded to a full fledged portal with the features of classified ads, selling/buying used vehicles, and now grown up to add online store for auto parts and accessories.
Interestingly when looking at Alexa ranking for PakWheels, the platform has also shown decline in their traffic since September 2016. But with all this stuff, the community has moved from vBulletin software to Discourse which has been adapted by many communities who wanted to move from vBulletin. PakWheels has also put the notification about the software change on their board.
The community being a platform for as huge user base as PakWheels is, it really needs to be responsible to secure its users’ data. Even if the breach was caused due to the third party software they use, it’s their duty to stay up-to-date with the security fixes software releases.
HackRead also adds that this is not the first time a high-profile website in Pakistan got hacked. Previously Zameen.com – the top real estate platform also got hacked and got its data leaked when they didn’t take the hacker serious.
On the other hand vBulletin has also been one of the biggest target of hackers recently as a dozen websites and communities running the board software got hacked globally.