According to the hacker behind the breach, they found the backup database of CityBee exposed on the internet for public access.
CityBee, a prominent Lithuania-based car-sharing platform has suffered a data breach in which personal data including login credentials of its registered customers have been leaked on a prominent hacker forum.
It is worth noting that CityBee is quite a thing in Lithuania. The company rents cars, scooters, bicycles, and even trucks to its customers.
What Happened?
According to the hacker, one of CityBee’s website backups was publically available without any security authentication meaning anyone could have downloaded the data. This database contained sensitive data of over 110,313 including the following:
Names
Surnames
Personal codes
Telephone numbers
Residence addresses
Driver’s license numbers
Encrypted passwords
However, the data leaked by the hacker only contained email addresses, password hashes, first names, last names, and government ID numbers. The rest of the data was put for sale.
Data exposed by CityBee that was put to sale by the hacker
How did it happen?
Initially, the hacker apologized to the victims (customers/users) affected by the CityBee data breach. They went on to explain that they did not know “CityBee is a big company” because of extremely lax security on their site.
So the security behind CityBee is alarming. We’ve seen other company’s get hacked in the same way whether it be open s3 buckets or azure blobs and I guess companies haven’t learned, the hacker said in a statement.
Doing a quick search on some CNAME records shows us some pretty juicy info. I specific ..
Support the originator by clicking the read the rest link below.
