A popular mobile parking app called ParkMobile has encountered a data breach. What is the result? The personal data related to 21 million customers of the application are sold online. These customers use ParkMobile to find available parking spaces and pay for them without having to run to the parking meter every few minutes.
In his blog called KrebsOnSecurity, Brian Krebs noted the extent of the data available for sale. The data includes the application's clients's emails, telephone numbers, license plate numbers, the client's date of birth, mailing address and hashed passwords. Data breach information came to light because of Gemini Advisory.
According to Krebs, "Gemini shared a new sales thread on a Russian-speaking criminal forum that included my ParkMobile account information in the accompanying screenshot of the stolen data. The data includes my email and phone number, as well as the license plate for four different vehicles we have used in the last decade. ”
On March 26, ParkMobile informed subscribers that it had detected “a security breach associated with a third-party software vulnerability that we use. In response, we immediately started a search with the help of a top cybersecurity company to deal with the incident. We have also informed the competent law enforcement authorities. The investigation is ongoing and unfortunately we can not provide you with more details at this time. "
ParkMobile told interested users that no credit card information had been stolen. In a first statement, the company said, "Our investigation shows that sensitive data or payment card information that we encrypt was not affected."
ParkMobile initially posted an update on its website stating that this was a data breach. While the company did not initially suggest that users change their passwords, this would be the wisest move.
The information received from ParkMobile customers was offered for sale at a price of $ 125.000.
One week ago, ParkMobile updated its post again and added: "Our search concluded that they had access to encrypted passwords, but not keys. encryption needed to read them. While protecting user passwords by encrypting them with advanced hashing and salting technologies, as an added precaution, users can consider changing the passwords in the "Settings" section of the ParkMobile application.
Our investigation confirmed that key user information was stolen - license plate numbers and, if provided by the user, email and / or telephone numbers. In a small percentage of cases, mailing addresses were affected. No credit cards were stolen and we do not collect social security numbers, license plates or dates of birth.
Rest assured that we take our responsibility to safeguard the security of our users' information and value your continued trust. ”
Source of information: phonearena.com