You have heard about ride-sharing companies like Uber and Careem becoming victims of large-scale cyber attacks, but now a bike-sharing company has been hit by a damaging cyber attack.
The computer system that controls and manages the operations of “Bycyklen”, the bicycle sharing system of Copenhagen, Denmark, was hacked over the weekend by unknown hackers with in-depth knowledge of how the system worked.
The attack affected around 1,860 bicycles, disrupting the service and preventing riders from using it between Friday and Saturday. According to Danish newspaper The Copenhagen Post, only 200 bicycles remained unaffected, making it impossible for riders to find one during peak hours.
Bycyklen is a paid bicycle sharing system launched in April 2014 featuring electric bicycles equipped with a GPS routing device allowing users to book rides with their Android and iOS apps.
It is unclear which vulnerability the hackers exploited or what their motives were, since Bycyklen wrote on its Facebook page that no user data was stolen. However, everything was erased and the entire system went down as a result of the malicious action, which forced the company to manually update each and every one of its bikes in the city.
“All of our databases were deleted and, therefore, the system has been out of operation all Saturday, except for a short period of time in the middle. The way the attack was carried out is actually rather primitive but demonstrates that it has been carried out by a person with a great deal of knowledge of the structure of our system,” the company said in their Facebook post.
“We’ve analyzed the servers after the weekend’s hack, and there’s no sign that we’ve lost data. The attack has only been directed at our business, not our users.”
The company also maintains that it does not store payment card information, but user email addresses, phone numbers, and PIN codes are stored on the server. Furthermore, the post stated that all user PINs and passwords are stored in an encrypted format, which makes it impossible for hackers or the company itself to read the data.
Nevertheless, for the sake of security, Bycyklen is urging users to change their PINs as soon as possible.
“In our databases, we use ‘salted password hashing’, that is, all PINs are encrypted and cannot be read or recreated, neither by Bycyklen nor any other player,” the company explained. “For security purposes, we encourage all our users to change their PIN as soon as possible.”
At the time of publishing this article, the city police were investigating the attack, while Bycyklen’s “find a ride” status page showed that most of the bikes were available for riders throughout the city.