A very popular app got breached recently, and private info of 21 million users got exposed, claims KerbsOnSecurity. The app in question is called ParkMobile, and it’s available on both Android and iOS platforms.
ParkMobile, a popular parking app has been breached, and private info has been exposed as a result
KerbsOnSecurity reported that someone is selling account information for 21 million users of ParkMobile. That parking app is quite popular in North America, actually.
The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords, and mailing addresses, says the source.
KerbsOnSecurity notes that it first heard of this breach from Gemini Advisory, a New York City-based threat intelligence firm that keeps an eye on cybercrime forums. Some screenshots of stolen data were shared, including ParkMobile ParkMobile account information.
ParkMobile did respond to a question regarding that sales thread. The company said that it did publish a notification on March 26 about “a cybersecurity incident linked to a vulnerability in a third-party software that we use”.
ParkMobile also launched an investigation with the assistance of a “leading cybersecurity firm”, so that it can address the incident. The company also notified the law enforcement authorities.
The company confirmed that the investigation is ongoing
ParkMobile did say that the investigation is ongoing, and that it cannot share any other details at the moment. The company also noted that “no sensitive data or Payment Card information” was affected, as it’s encrypted.
The company also added that the attackers mostly accessed basic information, such as license plate numbers, email addresses and/or phone numbers, and vehicle names. Some mailing addresses have also been accessed, though,
ParkMobile did not inform users to change their passwords, at least not according to KerbsOnSecurity. If you are a user of the service, though, changing your password certainly couldn’t hurt.
It remains to be seen if the attackers will be caught or not, but this incident is certainly a notable one. Luckily no additional information was stolen, such as credit card information.