Eastern European ridesharing service CityBee had a large amount of customer information posted for sale on a hacking forum recently. Nearly 110,000 records were posted between February 15th and 16th and included user IDs, usernames, hashed passwords, full names, as well as personal codes (national identification numbers) that belong to mostly Lithuanian CityBee users. On top of that, additional data such as driver license numbers and CityBee credit limits, as well as a folder named “CreditCards.” was posted on February 16th. The owner of the data posted to the hacking forum claimed it was stolen from CityBee sometime in 2020, however this was not the case as it had been retrieved from an unsecured Microsoft Azure blob in 2018. Cybernews reached out to Kristijonas Kaikaris, the CEO of CityBee who confirmed the legitimacy of the data and stated that the company would begin notifying customers immediately. It appears that all passwords that may have been included have been reset at this time and CityBee is in good standing with all law enforcement who have been helping out with the investigation.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is