[ad_1]
A member of the RaidForums customer database exchange forum, CityBee, posted information on Monday about customers who signed up before February 2018.
He later made his contacts with journalists public. He was contacted by the BNS news agency through the Telegram application.
“It just came to our attention then. If I had spent more time on it, I probably would have been able to get the latest information as well, ”said CityBee, who published customer data for developers.
He said that CityBee’s data protection was extremely poor, saying that almost anyone who had discovered the security vulnerability and had some knowledge of IT could access the data.
CityBee used Microsoft’s Azure Blob data warehousing service. Microsoft provides security for these repositories security with additional authentication, but CityBee chose not to do it for some reason, ”he said.
“Researchers, programmers and coders use so-called DNS records, which are like a phone book that branches out into other domains associated with the main domain. “I looked up Citybee’s CNAME type DNS records to find an interface to the Azure repository,” he added.
He said CityBee had discovered it accidentally and was more interested in data from US companies. The programmers who released the CityBee data say they didn’t expect the story to resonate.
“At first I thought it was just another data breach that would get me a couple of credits. However, in the morning I saw that the subject had “exploded”. I watched the news in Lithuania and saw the damage, “he said.
“But my topics show an important picture of how easy it is to access data. Data from users of large companies is constantly leaked, ”added 000.
The RaidForums user, who claimed to have worked with other Goofy TaeTae and ISUPK users, says he regrets the damage suffered by ordinary CityBee users, but emphasized that such data leaks occur on a daily basis.
“I sympathize with the common people, but not with the rich and government officials,” said 000.
The announcement of the three-year CityBee user data was announced online Monday night. The company claims that around 110 thousand. customer data.
The data published by hackers includes emails from customers. email addresses, phone numbers, personal codes, encrypted passwords.
The Lithuanian Criminal Police Office launched an investigation into the theft of data.
Illegal interception and use of electronic data is punishable by a fine or imprisonment of up to four years.
CityBee chief Kristijonas Kaikaris said at a press conference Tuesday that programmers did not steal consumer payment data because the company does not collect or store this data.
CityBee encourages its customers who have registered in the company system before February 22, 2018 to change their passwords in both the CityBee system and other systems if the same or similar password has been used.
CityBee operates in Lithuania, Latvia, Estonia and Poland. The fleet of automobiles managed by the company consists of more than 2,000. vehicles, the company has more than 750 thousand. registered customer base.
[ad_2]
