Ethical hacker Idris Shareef has sparked a heated debate on social media after publicly calling out Safaricom, Kenya’s biggest telecom provider, for ignoring security vulnerabilities he reported.
On February 21, Shareef posted a photo of himself on X (formerly Twitter) and announced his plan to “ethically hack” Safaricom live on the platform.
Frustrated by the company’s silence, he revealed that despite his efforts to help them strengthen their systems, they neither responded nor rewarded him.
Safaricom CEO Peter Ndegwa. Photo: Citizen TV Kenya Source: Facebook
“No rewards, no thanks, just silence,” he wrote, jokingly hinting that he might get into trouble for his actions.
His move has reignited discussions about how corporations handle ethical hackers who identify flaws in their systems.
Safaricom, already under fire for various issues, is now facing fresh criticism. Many Kenyans still remember the backlash the company faced in June 2024 during the anti-Finance Bill protests, when it was accused of restricting internet access and allegedly sharing customer data with authorities, leading to the abductions of anti-government activists.
Peter Ndegwa, Safaricom, Kenya’s leading communications company in Africa, Chief Executive Officer (CEO), gestures as he speaks during a past interview. Photo: Getty images
Beyond these concerns, Kenyans have also complained about Safaricom’s poor service, hidden charges, and unauthorized subscriptions, such as the controversial “Cheza Games” service.
These frustrations have only added to public anger, with many questioning Safaricom’s commitment to customer satisfaction and security.
Despite having a vulnerability disclosure policy on HackerOne, Shareef’s experience suggests that Safaricom does not fully engage with ethical hackers who try to help.
As he continues his public demonstration, Kenyans remain divided—some applaud his transparency, while others fear he may face legal consequences.
So far, Safaricom has remained silent on both Shareef’s claims and the wider allegations against them. This has left many wondering whether the company truly values cybersecurity and customer trust.
But Safaricom PLC, under Peter Ndegwa’s leadership, faced criticism after it emerged as one of the entities seeking to invest in the Ksh 104 billion State House of Assembly (SHA) system, led by Board Chairman Adil Khawaja.
Concerns over transparency and Safaricom’s deepening ties with government projects sparked public outrage, with many questioning its corporate ethics and political influence.
In 2024, during the Kenya Certificate of Secondary Education (KCSE) examinations, Safaricom was accused of throttling Telegram internet speeds to prevent exam leakage.
This move sparked outrage, with critics linking it to past allegations of aiding government surveillance and restricting online freedoms during nationwide protests.
