Bugs in Moovit gave hackers free rides and access to personal information

A security researcher has discovered vulnerabilities in the popular transportation app Moovit that could have allowed hackers to take control of user accounts, gain free rides, and access personal information, according to recent reports.

Exploitation of Vulnerabilities and Collection of Sensitive Data

Omer Attias, a security researcher at SafeBreach, identified three critical vulnerabilities in the Moovit app. These vulnerabilities enabled him to gather registration data from new Moovit users worldwide, including sensitive information such as cell phone numbers, email addresses, home addresses, and the last four digits of credit cards. Even more concerning, these bugs could have potentially allowed attackers to hijack user accounts and use their credit cards to pay for unauthorized rides.

Impersonation and Access to Personal Data

Attias explained the extent of the security flaws: “We can fully impersonate accounts, without disconnecting them. It’s crazy, we actually have the ability to perform all the operations on behalf of different accounts, including ordering train tickets. And additionally, we can access all of their personal information.” This could have resulted in a stealthy attack that went unnoticed by the victims, except for unexpected credit card charges.

Worldwide Impact and Rapid Response

Moovit is an Israeli startup that offers route information and public transportation maps. The vulnerabilities Attias discovered could have had a global impact, as Moovit operates in 3,500 cities across 112 countries. Despite the potential severity, Moovit assured that no malicious hackers exploited the vulnerabilities. The company confirmed that Attias reported the issues in September 2022, and they were promptly addressed and fixed.

Moovit’s Response and No Evidence of Data Breach

Moovit spokesperson Sharon Kaslassi emphasized that the vulnerabilities had been rectified and that no customer data had been accessed by malicious actors. Kaslassi clarified that the ticketing service tied to the vulnerabilities was active only in Israel. Attias and his team countered that the vulnerabilities could have affected all customers, regardless of location. The situation underscores the importance of rigorous security testing and a swift response to reported vulnerabilities.