In a concerning turn of events, allegations of a data breach involving the popular Sri Lankan ride-hailing platform PickMe have emerged. The alleged breach, which originally came to light in August, claims to have exposed data from the year 2020, affecting approximately 4 million PickMe customer records.

The leaked data reportedly includes an array of sensitive information, such as around 1.8 million email addresses, 2.8 million unique phone numbers, and approximately 1.4 million hashed passwords. Even more disconcerting is the assertion that the breach may also encompass other critical data, including credit card details, as indicated by sample data disclosed by the party responsible for the leak.

However, the precise details of how this alleged breach occurred remain unclear. PickMe's Chief Marketing Officer, Mohan Gamage, has strongly refuted the claims, asserting that this incident had been raised a few years ago. Back then, the company undertook its own thorough investigations, ultimately confirming that no breach had occurred and that no financial data had been compromised.

Mohan Gamage suggests that the purported leak of 4 million records is more likely an attempt to damage the company's reputation than an actual security incident. Nevertheless, the circumstances surrounding how the alleged leaker obtained sample data from three users are still under investigation.

PickMe, a prominent player in the Sri Lankan tech industry, employs over 140 IT engineers, with several of them dedicated to security-related matters. Moreover, the company relies heavily on robust technologies, such as Microsoft Azure and Google infrastructures, which Mohan claims offer robust protections that are challenging to breach, especially to compromise four million records.