Contents:
The scooter-sharing service has confirmed suffering a data breach soon after hackers launched the sale of a database containing the details of 7.2 million customers.
Whoosh operates in 40 cities across Russia, with over 75,000 scooters which makes it the leading urban mobility service platform in the country.
Upon a Closer Look
Last week, threat actors went ahead and began selling the stolen data on a hacking forum, despite reassurances given by the company earlier in November, when its spokesperson had confirmed the cyberattack yet claimed their IT experts had managed to stop it from causing any damage. The leaked data supposedly contains promotion codes for free service access, as well as partial user identification and payment card data.
In a new statement, Whoosh admits that there is a leak and informs its users they are working with law enforcement authorities to take all measures to stop the distribution of data.
The leak did not affect sensitive user data, such as account access, transaction information, or travel details. Our security procedures also exclude the possibility of third parties gaining access to full payment data of users’ bank cards.
According to BleepingComputer, around 7.2 million Whoosh customers had their details leaked when a user on the ‘Breached’ hacking forums posted the database that included email addresses, phone numbers, and first names. In addition, the database contained 3,000,000 promo codes which could be used to rent Whoosh scooters without paying, as well as partial payment card details of 1,900,000 users.
The seller says they are looking for precisely five buyers for $4,200 each, or .21490980 bitcoins, and according to the platform used for the transaction, no purchase has yet been made.
Russian Leaks in Review
Back in April, the hacker organization NB65 infiltrated Russian businesses, collecting their data then exposing it online, while last month a Russian retail chain, disclosed that its systems had been breached, resulting in the personal data of customers and employees being leaked online.
A report published in September claimed the number of databases of Russian companies that had their databases targeted had doubled over the summer, compared to the spring of this year. 140 database sales, with the total number of exposed records reaching 304 million, all of which stolen from Russian companies during the summer months.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.