The Public City Bikes System in Copenhagen was hacked and the database was deleted

An unidentified hacker successfully invaded Bycyklen, Copenhagen’s Public City Bikes System, and deleted its entire database, which directly led to the public’s inability to use the bicycle during the weekend. The event coincided with the Ice Hockey World Championships held in Copenhagen, which brought inconvenience to local residents to a certain extent.

Bycyklen pointed out on the official website that during the night between Friday, May 4, 2018, and Saturday, May 5, the hacker committed an invasion. Bycyklen stated that the invasion was “very original” and hinted that hackers who may have launched the attack may have a good understanding of the Bycyklen IT infrastructure.

Under the influence of hacking, all 1,860 bicycles deployed by the organization could not be used normally on the morning of May 5.

Affected bikes are equipped with an Android tablet and access to the Bycyklen database to record bike rental information and driving trajectories. After the database is deleted, the user cannot unlock the bicycle successfully.

Bycyklen wrote on Facebook saying that to fix this problem, they need to manually update all bicycles. After tracking the bike and restarting the Android tablet installed in it, employees have successfully recovered 200 bicycles on May 5. The company stated that it will still take some time for all bicycles to return to normal operation.

After an analysis of the attacks, an update of the Bycyklen website on May 7, 2018, stated that they did not find any signs of the hacker stealing data: “The attack has been aimed directly at our business, not our users. We do not store payment card information. The only information we keep is our users [sic] email addresses, phone numbers and their PIN codes for the Bycyklen bikes.”

For security reasons, the company reminds users to change their password as soon as possible. Bycyklen is currently launching a “treasure hunt” campaign on the Facebook page, which encourages users to report problematic bicycles so employees can move on to update and recover.

Source: bleepingcomputer

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy