• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 15th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Cyber Crime

Hacker compromised user data & illegally used car sharing service 33 times

January 31st, 2018 Waqas Cyber Crime, Hacking News 0 comments
Hacker compromised user data & illegally used car sharing service 33 times
Share on FacebookShare on Twitter

A 37-year old IT security researcher and self-confessed computer hacker Nik Cubrilovic from Australia has been accused of illegally accessing the consumer database of Australian car-share firm GoGet. He has been taken to Lake Illawarra Police Station. It is the same person who previously informed GoGet Company on the flaws present in its software system that can make its system prone to cyber-attack.

Expert hacker with malicious deeds

Cubrilovic advertises himself as an ex-hacker turned “security consultant,” and his claim-to-fame is the identification of cyber-security flaws in several high-profile websites including that of the Australian government (MyGov) and Facebook.

The Penrose, Southern Highlands’ resident held a legitimate GoGet account, which he created in mid-2016. Soon after creating his account, Cubrilovic started sending a series of emails to GoGet advising them about the salient vulnerabilities he had identified in the company’s operating systems.

Accessed GoGet vehicles by hacking user data

After his arrest, Detective Superintendent Arthur Katsogiannis noted that the accused accessed vehicles in the Sydney metropolitan area and then returned all of them. A forensic examination of the computers confiscated from Cubrilovic will be conducted by the police to confirm the exact number of customers who got affected by this data breach. Det. Katsogiannis stated that although no financial data has been stolen investigations are still on-going.

According to the police investigations, Cubrilovic illegally accessed and downloaded customer information from GoGet twice and then used the data to steal access to vehicles around 33 times from May to July 2017.

“Customer details were compromised and downloaded but we don’t believe from the early investigation any were on sold or disseminated any further. With some of these individuals, it’s not all about getting the benefit, it’s about proving they can do something and enhancing their reputation online,” said Det. Katsogiannis.

Riot Squad in action

The investigations were instigated from July 2017 when GoGet reported the police about detection of unauthorized access to the company’s fleet booking system. After extensive inspection carried out by Strike Force Artsy detectives in collaboration with the Public Order and Riot Squad, a search warrant was issued and Cubrilovic’s residence in Penrose was searched this Tuesday morning. The police took into its custody several computers, electronic storage devices, and laptops after searching the house.

Hacker busted for using car sharing service after hacking customers data

Nik Cubrilovic during AusCERT Conference in 2016. (Credit: YouTube)

The accused appeared in Wollongong Local Court through live streaming. During the hearing, the prosecution stated that Cubrilovic was interviewed last year as a security consultant by the ABC’s Four Corners program. The prosecution also argued that if the accused gets a bail, he might commit further offenses like uploading the stolen database on the internet. Conversely, the defense counsel argued that this is an “overblown” case.

No Internet for Cubrilovic

As of now the accused is on bail under strict limitations; he had surrendered his passport and he cannot contact GoGet customers or employees or access the internet or cryptocurrency platforms while he will be reporting to the police thrice in a week.

An email was sent to current and former customers of GoGet in which the CEO of the company Tristan Sender apologized for the data breach. “We are sorry that this has happened. We take your privacy very seriously and have been working hard to get the best outcome from this police investigation,” wrote Sender.

GoGet has confirmed that customers who got registered to its services post-July 27th haven’t been affected with this data breach and only those who signed up or updated their payment card data between 25 May 2017 and 27 July 2017 could have been affected by this incident.

Charged

Cubrilovic has been charged with two counts of unauthorized access, impairment, and modification with intent to carry out the serious criminal offense and 33 counts of taking and drive conveyance without obtaining the consent of the owner. He created over 30 bookings on 5 vehicles, which included an Audi A3 convertible for two months’ period. Every time he charged the vehicle hire fee to someone else’s account. The total amount owned by Cubrilovic is AUD 3423 (USD 2771/Euro 2224), according to the police.

An expert hacker and security researcher

It is worth noting that when the accused informed GoGet about flaws in its systems, the company rewarded him by waiving the money that he owed. Later, using his advanced hacking skills, Cubrilovic gained access to GoGet’s customer data after his girlfriend’s account got suspended.

Cubrilovic is the same hacker who revealed out how Facebook store user data and track people who are not even part of the social media site. Watch Australian Broadcasting Corporation’s video talking about Cubrilovic’s findings:

More: Uber Paid Hackers $100k to Hide Massive Theft of 75M Accounts

  • Tags
  • Australia
  • Bug Bounty
  • Cyber Attack
  • Cyber Crime
  • Fraud
  • GoGet
  • hacking
  • Infosec
  • internet
  • Scam
  • security
Facebook Twitter LinkedIn Pinterest
Previous article Tor Proxy Used By Cybercriminals To Initiate Bitcoin Theft
Next article Lizard Squad is alive and continuing activities as BigBotPein: Report
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
ShinyHunters dump partial database of broker firm Upstox

ShinyHunters dump partial database of broker firm Upstox

2 scraped LinkedIn databases with 500m and 827m records sold online

2 scraped LinkedIn databases with 500m and 827m records sold online

Hackers leak data, 600k card info from Swarmshop cybercrime forum

Hackers leak data, 600k card info from Swarmshop cybercrime forum

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Unpatched MS Exchange servers hit by cryptojacking malware
Security

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data
Leaks

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells
Security

FBI accessing computers across US to remove malicious web shells

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us