aA
The hacker who has recently leaked data of 110,000 Lithuanian-registered users of the car-sharing service CityBee says the company’s security measures were poor, adding that he has no more data.
"CityBee" parką papildė "Žigulys"
"CityBee" parką papildė "Žigulys"
© Kompanijos archyvas

"000", a member of the data base-sharing forum RaidForums, on Monday posted information about clients who registered before February, 2018.

He later published his contact information for journalists. BNS contacted him via the Telegram app.

"Everything I posted is all I have. If I spent more time, I probably could've gotten the latest info," the hacker said, adding that CityBee's data protection is really bad and anyone with a bit of IT knowledge could have gotten access to it.

"CityBee was using a service provided by Microsoft called Azure Blob, which is used as storage of some sorts. Now Microsoft allows you to secure those blobs with authentication, which Citybee for some reason chose not to," he said.

"Now, for researchers, hackers, coders etc. there's something called DNS records, almost like a phone book which branches out to other domains that are related to the main domain. I was able to search CityBee in a DNS record called CNAME which linked to their azure blob and other things like their website," "000" said.

He said he found CityBee accidently as he's mainly interested in data of US companies. The hacker also said he did not expect this case to attract so much attention.

"At first I thought it would just be another leak gaining me a couple of credits. But in the morning I saw that my thread blew up and looked at Lithuanian news and saw the damage," he said.

The RaidForums user, who said he was acting with other users "Goofy TaeTae" and "ISUPK", said he's sorry for the damage incurred by CityBee users, stressing, however, that such data leaks happen daily.

"I have sympathetic feelings towards average citizens, not so much to the rich and government officials," he said.

The news about the data leak broke on Monday night. CityBee says data of 110,000 clients leaked, including emails, phone numbers, personal codes and enciphered passwords.

Lithuania's Criminal Police Bureau has already launched an investigation into data theft. Those responsible are facing a fine or up to four years in prison.

CityBee CEO Kristijonas Kaikaris told a press conference yesterday that the hackers did not steal customers' payment information because the company does not collect such data.

CityBee has urged users registered before February, 2018 to change their passwords, as well as change them in other systems if they yse similar passwords there.

CityBee operates in Lithuania, Latvia, Estonia and Poland. The company owns a fleet of over 2,000 vehicles and has a registered customer base of more than 750,000 people.

BNS
It is prohibited to copy and republish the text of this publication without a written permission from UAB „BNS“.

Some 169 people turn to police over stolen CityBee data

Some 169 people have turned to Lithuania's police over the theft of their personal information from...

Cinemas saw revenue drop almost 3 times last year

Pandemic-related restrictions pushed revenue and the number of spectators of Lithuanian cinemas down...

Winner of tender to provide coronavirus testing at Lithuanian Airports announced

Lithuanian Airports have announced that the medical testing company „Rezus.lt“ has won a public...

Hacker: I posted everything I have, Citybee data protection was poor

The hacker who has recently leaked data of 110,000 Lithuanian-registered users of the car-sharing...

Avia Solutions Group wants to expand at Vilnius Airport (1)

Avia Solutions Group, an aviation business group, has asked Lithuania's government for permission to...

Top news

Lithuania extends lockdown until April (2)

The Lithuanian government on Wednesday extended the coronavirus lockdown for another month, until...

Some 169 people turn to police over stolen CityBee data

Some 169 people have turned to Lithuania's police over the theft of their personal information from...

631 new COVID-19 cases

On Tuesday, 631 new coronavirus cases were recorded in Lithuania. In total, it adds to 195 481...

Landsbergis: we're ready to share vaccines with Ukraine, once we have plenty of them

Lithuania stands ready to share coronavirus vaccines with Ukraine, once the country has sufficient...

Increased air pollution recorded people advised not to exercise outdoors

An increase in air pollution has been recorded in Lithuania in recent days and residents are advised...