Cabcharge trip logs exposed by security-free database probe

Taxi payment company knows where you live ... and so can anyone who runs Shodan

4 Reg comments Got Tips?

Researchers from Risk Based Security have Shodanned up a Cabcharge database that was running without security.

The taxi fee monopoly has lurched into damage control, telling the Sydney Morning Herald it's contacting the 3,400 Cabcharge Fastcard holders whose details were left lying around in public.

RBS's post says the database exposed sensitive information of both customers and drivers.

While only the last four digits of credit cards were held, the customer's name, pickup, and dropoff locations and times were all in the database.

Driver information included name, ABN, taxi ID, terminal ID, and trip logs.

The company sent a statement over to the SMH to the effect that the “old” information didn't put customer payment information at risk, and claiming that the information hadn't been misused.

Clearly, Cabcharge doesn't understand the threat of identity theft any better than it understands why Uber is eating its lunch. ®


Biting the hand that feeds IT © 1998–2020