Eastern European ridesharing service CityBee had a large amount of customer information posted for sale on a hacking forum recently. Nearly 110,000 records were posted between February 15th and 16th and included user IDs, usernames, hashed passwords, full names, as well as personal codes (national identification numbers) that belong to mostly Lithuanian CityBee users. On top of that, additional data such as driver license numbers and CityBee credit limits, as well as a folder named “CreditCards.” was posted on February 16th. The owner of the data posted to the hacking forum claimed it was stolen from CityBee sometime in 2020, however this was not the case as it had been retrieved from an unsecured Microsoft Azure blob in 2018. Cybernews reached out to Kristijonas Kaikaris, the CEO of CityBee who confirmed the legitimacy of the data and stated that the company would begin notifying customers immediately. It appears that all passwords that may have been included have been reset at this time and CityBee is in good standing with all law enforcement who have been helping out with the investigation.
Various different attack methods could be carried out due to the amount and types of data that was included. Targeted phishing attacks as well as credentials stuffing attacks involving reused passwords could take place. To prevent becoming a victim again, users should consider resetting all passwords that may have possibly been reused. Since some credit card information may have been included, it is important to keep an eye on transaction records. If any suspicious transactions do take place, they should be reported to the issuing credit agency immediately. Combining data from this breach with other data could lead to identity theft. Identity theft monitoring should be considered by those who were affected.