The popular mobile app that drivers use to pay and find available public parking in Pittsburgh and in other cities experienced a data breach several weeks ago that affected 21 million users nationwide.
ParkMobile is an Atlanta, GA-based company that offers a free app allowing users to find open parking spaces across the United States and pay from the comfort of their cars through their smartphones to save the time needed to fiddle with the meter.
Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords, and mailing addresses.
The sample data from ParkMobile shared by a hacker on a cybercrime forum reveals data allegedly belonging to some big names.
The Pittsburgh Parking Authority Tuesday confirmed the breach, saying that hackers broke in and stole some users’ personal information. Authority officials said, however, that credit card information and Social Security numbers were not breached.
Asked about the sales thread, Atlanta-based ParkMobile said the company published a notification on Mar. 26 about “a cybersecurity incident linked to a vulnerability in a third-party software that we use.”
“In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident,” the notice reads. “Out of an abundance of caution, we have also notified the appropriate law enforcement authorities. The investigation is ongoing, and we are limited in the details we can provide at this time.”
However, cybersecurity researchers at Gemini Advisory soon discovered a database from the breach being offered for purchase on several hacker forums including Russian-speaking cybercrime forums. The data included in the listing concern email addresses, phone numbers, license plate numbers for all registered vehicles of a user, and hashed passwords
The data items that have not been accessed because they were not present in the ParkMobile database, to begin with, are parking history, location history, social security numbers, driver’s license numbers, and plaintext passwords.
If you’re a ParkMobile user, changing your account password might be a pro move.
On the other hand, the dark web seller has set a price tag of $125,000 which is a little high. So ParkMobile users may have some time before their details are massively leaked.