[ad_1]
A member of the RaidForums customer database exchange forum, nicknamed “000,” posted information from CityBee on Monday about customers who signed up before February 2018.
He later made his contacts with journalists public. He was contacted by the BNS news agency through the Telegram application.
“It just came to our attention then. If I had spent more time on it, I probably would have been able to get the latest information as well, ”said the hacker who posted CityBee customer data.
He said that CityBee’s data protection was extremely poor, saying that almost anyone who had discovered the security vulnerability and had some knowledge of IT could access the data.
CityBee used Microsoft’s Azure Blob data warehousing service. “Microsoft allows the security of these repositories with additional authentication, but CityBee has chosen not to do so for some reason,” he said.
“Researchers, hackers and coders use so-called DNS records, which are like a phone book that branches out to other domains associated with the main domain. “I looked up Citybee’s CNAME type DNS records to find an interface to the Azure repository,” he added.
He said CityBee had discovered it accidentally and was more interested in data from US companies. The hacker, who posted the CityBee data, says he didn’t expect the story to resonate.
“At first I thought it was just another data breach that would get me a couple of credits. However, in the morning I saw the issue “explode”, I watched the news in Lithuania and I saw the damage, “he said.
“But my topics show an important picture of how easy it is to access data. The data of the users of the big companies is constantly leaked, “added” 000. “
The RaidForums user, who claimed to have worked with other Goofy TaeTae and ISUPK users, says he regrets the damage suffered by ordinary CityBee users, but emphasized that such data leaks occur on a daily basis.
“I sympathize with ordinary people, but not with the rich or with government officials,” said 000.
The announcement of the three-year CityBee user data was announced online Monday night. The company claims that around 110 thousand. customer data.
The data published by hackers includes emails from customers. email addresses, phone numbers, personal codes, encrypted passwords.
The Lithuanian Criminal Police Office launched an investigation into the theft of data.
Illegal interception and use of electronic data is punishable by a fine or imprisonment of up to four years.
CityBee chief Kristijonas Kaikaris said at a press conference Tuesday that hackers did not steal consumer payment data because the company does not collect or store this data.
CityBee encourages its customers who have registered in the company system before February 22, 2018 to change their passwords in both the CityBee system and other systems if the same or similar password has been used.
CityBee operates in Lithuania, Latvia, Estonia and Poland. The fleet of automobiles managed by the company consists of more than 2,000. vehicles, the company has more than 750 thousand. registered customer base.
It is not allowed to publish, quote or reproduce the information of the BNS news agency in the media and on websites without the written consent of the UAB “BNS”.
[ad_2]
