ADVERTISEMENT

110,000+ user records from car-sharing service CityBee leaked and sold on hacker forum

citybee leak featured img
Edvardas Mikalauskas
Edvardas Mikalauskas Senior Researcher
Feb 17, 2021 Updated: 28 September 2021 3 min read
Text

Description automatically generated
Graphical user interface, website

Description automatically generated

How to find out if you’ve been affected

What was leaked?

  • User IDs
  • Usernames
  • Full names
  • Email addresses
  • Passwords hashed using the weak SHA1 algorithm
  • Personal codes
  • Driver’s license numbers
  • Phone numbers
  • Street addresses
  • Credit card information (unclear if it’s full credit card data)
  • Car rental history
  • In-app credit limits
Graphical user interface, text, application

Description automatically generated with medium confidence
ADVERTISEMENT

Who is the company behind the leak?

Who had access to the data?

What’s the impact of the leak?

  • Spamming the victims’ emails.
  • Using the information from the database to mount targeted phishing attacks.
  • Combining stolen data with other data breaches to commit identity theft.
  • De-hashing weakly hashed passwords and carrying out credential stuffing attacks against the drivers’ other online accounts. For example, users got Spotify password reset requests due to suspicious activity shortly after the leak was published on the forum.

What to do if you’ve been affected

More from CyberNews

ADVERTISEMENT