Researchers from Risk Based Security have Shodanned up a Cabcharge database that was running without security.
The taxi fee monopoly has lurched into damage control, telling the Sydney Morning Herald it's contacting the 3,400 Cabcharge Fastcard holders whose details were left lying around in public.
RBS's post says the database exposed sensitive information of both customers and drivers.
While only the last four digits of credit cards were held, the customer's name, pickup, and dropoff locations and times were all in the database.
Driver information included name, ABN, taxi ID, terminal ID, and trip logs.
The company sent a statement over to the SMH to the effect that the “old” information didn't put customer payment information at risk, and claiming that the information hadn't been misused.
Clearly, Cabcharge doesn't understand the threat of identity theft any better than it understands why Uber is eating its lunch. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks