Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » 110,000+ user records from car-sharing service CityBee leaked and sold on hacker forum

110,000+ user records from car-sharing service CityBee leaked and sold on hacker forum

by Edvardas Mikalauskas
17 February 2021
in Security
0
110,000+ user records from car-sharing service CityBee leaked and sold on hacker forum
30
SHARES

The leak could put 110,000+ Lithuanian CityBee users at risk of identity theft and credential stuffing attacks.

A database that belongs to CityBee, a car sharing service that operates in the Baltic states and Poland, has appeared on a popular hacker forum. 

The first part of the database was posted on February 15 and includes 110,000 CityBee user IDs, usernames, hashed passwords, full names, as well as personal codes (national identification numbers) that belong to mostly Lithuanian CityBee users. 

Text  Description automatically generated

The second part, posted on February 16 by the same author, appears to contain more detailed personal information, potentially including driver license numbers and CityBee credit limits, as well as a folder named “CreditCards.”

Graphical user interface, website  Description automatically generated

While the owner of the post initially claimed that the data had been stolen from CityBee sometime in 2020, it was later confirmed that the database was exfiltrated from an unsecured Microsoft Azure blob managed by CityBee at least from February 2018. 

It appears that a Rapid7 Open Data Forward DNS tool was used to search the reverse DNS lookup, which was how the threat actor found the unsecured CityBee blob. Then, a directory brute-force attack was used to enumerate directories in the blob, after which the threat actor downloaded the files.

We informed CityBee about the leak on February 15 and asked if they could confirm that the leak was genuine. CityBee CEO Kristijonas Kaikaris confirmed the authenticity of the leak and informed affected customers on the same day. 

According to Kaikaris and our own tests, the unsecured Azure blob has been closed, the passwords of the affected users have been reset, and CityBee is cooperating with the police and local cybersecurity experts in investigating the crime. The Lithuanian State Data Protection Inspectorate will also investigate whether CityBee secured the data properly. 

How to find out if you’ve been affected

To see if your data was exposed in this or other security breaches, use our personal data leak checker. Our leak checker tool is the largest on the market, with a library of over 15+ billion breached accounts, including those exposed in the CityBee leak.

What was leaked?

Based on the samples we saw from the first part of the database, it contains:

  • User IDs
  • Usernames
  • Full names
  • Email addresses
  • Passwords hashed using the weak SHA1 algorithm
  • Personal codes

The second part of the CityBee database appears to contain a wide variety of personal and app-related data, including:

  • Driver’s license numbers
  • Phone numbers
  • Street addresses
  • Credit card information (unclear if it’s full credit card data)
  • Car rental history
  • In-app credit limits

Example of the second database directory screenshot posted by the threat actor on the forum:

Graphical user interface, text, application  Description automatically generated with medium confidence

Who is the company behind the leak?

Founded in 2013, CityBee is a car-sharing company that operates in Lithuania, Latvia, Estonia, and Poland and owns a fleet of over 2,000 vehicles. 

The company has a customer base of more than 750,000 drivers, 110,000+ of which had their information leaked on the hacker forum. 

Who had access to the data?

The initial part of the database is available for anyone to access for about $2.50 in virtual currency. 

The second part is available for forum users to download for $1,000 worth of Bitcoin. It appears that the second part of the database has now been sold to multiple buyers. 

For this reason, we assume that anyone with enough Bitcoin to spare can access the second CityBee database.

What’s the impact of the leak?

The data found in the hacked CityBee database can be used in a variety of ways against the drivers whose data was exposed, including the following:

  • Spamming the victims’ emails.
  • Using the information from the database to mount targeted phishing attacks.
  • Combining stolen data with other data breaches to commit identity theft.
  • De-hashing weakly hashed passwords and carrying out credential stuffing attacks against the drivers’ other online accounts. For example, users got Spotify password reset requests due to suspicious activity shortly after the leak was published on the forum.

Fortunately, neither of the stolen CityBee databases contain the users’ passport or ID card document numbers, which, in addition to personal codes found in the first part of the database, would be required in order to commit identity theft against Lithuanian citizens. 

However, particularly determined attackers could combine the information found in the databases with older breaches to build complete profiles of the victims for identity theft attacks.

What to do if you’ve been affected

If you have a CityBee account, immediately change your password if you have not done so already, and consider using a quality password manager to create strong, complex passwords. If you’ve been using your CityBee password for any other online services, make sure to change it there as well.

Using a unique password for each online service will prevent threat actors from reusing it for credential stuffing attacks. 

Additionally, make sure to add multi-factor authentication on your more sensitive accounts. That way, even if an attacker has your username and password, they won’t be able to get into your accounts.

Share30TweetShareShare
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

500M LinkedIn user records sold on hacker forum
News

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

by CyberNews Team
6 April 2021
5

We updated our leak checker database with more than 780,000 email addresses associated with this leak...

Read more
LinkedIn, FB, Twitter, Clubhouse apps seen on an iPhone

Recent Facebook, LinkedIn and Clubhouse leaks explained

15 April 2021
Cheapest tool to kill satellites? A computer

Cheapest tool to kill satellites? A computer

13 April 2021
A gift to criminals and tyrants? Soon, wireless devices could become object sensors

A gift to criminals and tyrants? Soon, wireless devices could become object sensors

13 April 2021
“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

12 April 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best Web Hosting Services
  • Tools
    • Password Generator
    • Personal Data Leak Checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.
Subscribe For Security Tips And CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Our Privacy Policy and Terms & Conditions

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.