One can say, “Do we really care what happens in Lithuania?” Well, with the world shrinking day by day, we all need to watch every inch of the cyber-globe for malicious cyber trends and triggers. According to the hacker behind the CityBee breach, the black hats found the backup database of CityBee and exposed it on the Internet for all to see and use. CityBee is a leading Lithuania-based car-sharing platform that suffered a data breach in which personal data, including customer login credentials, was leaked on a prominent hacker forum. It is interesting to note that CityBee is quite the rage in Lithuania. The company rents cars, scooters, bicycles, and even trucks to its customers.[1]
So what happened? The hacker announced that one of CityBee’s website backups was publicly available without any authentication, meaning anyone could have downloaded the data. This database contained sensitive data of over 110,313 people, including the following:
- Names
- Surnames
- Personal codes
- Telephone numbers
- Residence addresses
- Driver’s license numbers
- Encrypted passwords
However, the data leaked by the hacker only contained email addresses, password hashes, first names, last names, and government ID numbers. The rest of the data was put up for sale, as the bad guys must always make money from their thievery.
Initially, the hacker apologized to the victims (customers/users) affected by the CityBee data breach. Even crooks have hearts. They went on to explain that they did not know “CityBee is a big company” because of extremely lax security on their site. But they stole the data anyway. The hacker maintains that what they did was not illegal in any way since the database was available publicly and did not require any hacking to access. Criminals often rationalize their acts. It still doesn’t make it right.
CityBee has acknowledged the breach. In a 15 February 2021 public statement on Facebook, CityBee announced that it is aware of the breach and is investigating the incident. The next day, the company concluded that the database only contained information of customers who registered their accounts before 22 February 2018. Police in Lithuania are investigating the theft of personal data regarding 110,000 people. CityBee risks a fine of up to €20 million or around 4% of its turnover if found in breach of data privacy rules.[2] Ouch.
CityBee sheepishly assures that its customers’ payment information is safe as it was never collected by the company. However, it is urging its users to immediately change their passwords on the CityBee platform. If you are one of the victims of the data breach, you are advised to additionally enable two-factor authentication on your CityBee account.
The above can happen anywhere and at any time, regardless of location. The legitimate and illegitimate Internet has no borders. All companies and businesses need a reasonable level of network protection and sound cyber security procedures and training. Is that all a network needs? No. Had the big-mouthed hacker not announced the CityBee breach and subsequent online sale of data, the victims would not know what happened. Enter Red Sky Alliance and CTAC/RedXray and its RedPane dark web collection and analysis component. Our products help further protect your network against hacking and later anguish. Our tools and services are an excellent complement to a network defense for any foreign or domestic cyber threat (even in Lithuania). See the links below for assistance. In addition to offering cyber protection, we offer cyber insurance through Cysurance. Call for a quote.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
https://attendee.gotowebinar.com/register/3702558539639477516
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://www.hackread.com/citybee-database-login-credentials-leaked-online/
[2] https://www.euronews.com/2021/02/17/thousands-of-citybee-users-have-their-personal-data-leaked-online