Security News > 2021 > April > ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users
2021-04-12 22:18

The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Gemini shared a new sales thread on a Russian-language crime forum that included my ParkMobile account information in the accompanying screenshot of the stolen data.

Included in the data were my email address and phone number, as well as license plate numbers for four different vehicles we have used over the past decade.

Asked for clarification on what the attackers did access, ParkMobile confirmed it included basic account information - license plate numbers, and if provided, email addresses and/or phone numbers, and vehicle nickname.

ParkMobile doesn't store user passwords, but rather it stores the output of a fairly robust one-way password hashing algorithm called bcrypt, which is far more resource-intensive and expensive to crack than common alternatives like MD5. The database stolen from ParkMobile and put up for sale includes each user's bcrypt hash.

"Additionally, the compromised data does not include parking history, location history, or any other sensitive information. We do not collect social security numbers or driver's license numbers from our users."


News URL

https://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/