Due to a data breach, the account details of 21 million customers of ParkMobile, a prominent mobile parking app in North America, are now being sold online. The data includes customer email addresses, date of birth, phone numbers, license plate numbers, hashed passwords, and mailing addresses.
ParkMobile issued a statement regarding the cybersecurity incident in March, stating that it was caused by a vulnerability in third-party applications employed by them.
The sources state, “In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident. Out of an abundance of caution, we have also notified the appropriate law enforcement authorities. The investigation is ongoing, and we are limited in the details we can provide at this time. Our investigation indicates that no sensitive data or Payment Card Information, which we encrypt, was affected. Meanwhile, we have taken additional precautionary steps since learning of the incident, including eliminating the third-party vulnerability, maintaining our security, and continuing to monitor our systems.”
When asked for clarification on what information the attackers gained access to, ParkMobile reported that it included basic account information such as license plate numbers, email addresses and/or phone numbers if given, and vehicle nickname.
ParkMobile does not store user passwords, but rather it stores the output of a fairly robust one-way password hashing algorithm called bcrypt, which is much more resource-intensive and expensive to crack than common alternatives like MD5. The database stolen from ParkMobile and put up for sale includes each user’s bcrypt hash.
According to the source, the company stated, “In keeping with our commitment to transparency, we want to sh ..