London metro, bus & train ticket payment system hacked

Today, any online service or application is exposed to some extent to cyberattacks that, depending on the capabilities of hackers, could lead to information theft or disruption of activities and economic losses. This time, digital forensics specialists report a security incident related to the London public transport system.

Transport for London (TFL), the public transport body in the British capital revealed that some contactless card accounts of Oyster, the payment system for transport, were hacked by unidentified threat actors. The incident was detected after customers reported the decline of the online service.

As a precaution, TFL disconnected the Oyster system, in an attempt to limit the impact of the incident, as 1 200 hacked user accounts had been detected so far, digital forensics experts reported.

In total, six million English citizens have Oyster accounts, making it easier to use London’s public transport system (including metro, train, and tram and bus service). Although the portion of users affected by the incident is minimal, authorities say they are concerned about the security of the information of the people involved.

Through a statement, TFL officials mentioned: “Contactless online accounts and Oyster user accounts are temporarily offline; this is a preventive measure until additional security measures are implemented.”

Digital forensics specialists who are working in collaboration with TFL believe this incident could be the result of a security breach in a third-party service. It is quite likely that compromised users have used the same password of their Oyster account on other online services. Using a technique known as credential stuffing, hackers try to access multiple online platforms with the same login data.

Users began reporting problems last Wednesday night. Using credential stuffing, the hackers entered the compromised accounts. In the first instance, TFL only mentioned a few “inconveniences with server performance”; they acknowledged the hacking incident until Thursday afternoon.

TFL officials added: “We will contact affected users during the incident. As a security measure for all of our users, we recommend that you do not use the same access keys for multiple sites.”

TFL also stresses that the financial information of compromised users has not been affected; however, its digital forensics team will implement some additional security measures to prevent further data leakage. On the other hand, public transport users in London will be able to use the Oyster mobile app to top up their cards while the online system remains out of order. Using ticketing machines is also a viable option.

International Institute of Cyber Security (IICS) digital forensic specialists recommend that Oyster account owners contact TFL in case of detecting any anomalous activity on their accounts. The incident will continue to be investigated by the UK’s National Cyber Security Centre and British police.