Uber Technology Inc.’s main ride-hailing rival in the Middle East, Careem Inc., has followed in its footsteps but not in a good way, as news broke Monday that a hacker had managed to steal millions of customer records.

The hack, described by the company as “a cyber incident involving unauthorized access to the system we use to store data” on Jan. 14, included names, email addresses, phone numbers and trip data but not passwords or credit card information.

Some reports suggested that the records of 14 million customers and 558,000 drivers were accessed, but the company is being coy. It told local media that it could not share how many people were affected because it “does not disclose market data.” But it did note that it has 20 million customers across 14 countries and close to 100 cities, so it can only “estimate” around 14 million of these customers may have been affected by the incident.

Setu Kulkarni, vice president of corporate strategy at WhiteHat Security Inc., told SiliconANGLE that the hack of Careem “reaffirms that we’re never out of danger from a breach of our personal information.”

“As online platforms rapidly and successfully connect consumers to service providers, these platforms are becoming treasure troves of personally identifiable information,” Kulkarni said. “Unfortunately, in the pursuit of time to market and rapid user adoption, not enough attention is paid to application security.”

One potential cause of the incident, he said, is that a vulnerable backend API allowed the unauthorized access. “While reacting to the incident in the way Careem has done is absolutely the right thing to do, it is also important to take a proactive approach to application security by testing all digital assets–be it web, mobile or APIs–throughout their development lifecycle,” he said. “It’s also important to provide adequate and appropriate training and education to foster meaningful collaboration between IT/Ops and security teams to understand and prioritize how to mitigate risk. Comprehensive security testing and training along with continuous assessment of production assets could make such massive breaches a thing of the past.”

Photo: Zizolo0ol/Wikimedia Commons