The system responsible for controlling the operations of “Bycyklen”, the bicycle exchange system of the city of Copenhagen, Denmark, was hacked over the weekend by unknown actors. According to information security experts, these malicious actors had a deep knowledge of the functioning of the system.
This attack affected approximately 1,860 bicycles, interrupted the service and did not allow its use between Friday and Saturday. The Copenhagen Post newspaper of Denish said that only 200 bicycles were not affected so it is almost impossible for users to find one during peak hours.
Information security researchers are not yet clear what vulnerability exploited the hackers or what were the reasons, as Bycyklen wrote on his page that no data was stolen from any user. However, all data was erased and the entire system fell as a result of the attack that forced Bycyklen to manually update all its bicycles in the city.
“All the databases were eliminated and, therefore, the system has been out of service.” The way in which the attack was carried out is quite primitive, but shows that it has been carried out by a person with knowledge of the structure of our system, “said the company.
“The servers were analyzed after the attack and there are no signs of data loss, the attack has only been directed at our business, not our users.”
The company does not store payment card information, but it stores email addresses, phone numbers and PIN codes on the server. The publication also indicated that users’ PINs and passwords are stored in an encrypted format.
However, information security professionals recommend that users change their PINs as soon as possible.
“In databases,” salty password hashing “is used, which means that the PINs are encrypted and cannot be read or reproduced,” the company explained.