Hackers could have hijacked the user accounts of a popular transportation app and used them to get free rides and access people’s personal information, according to a security researcher.
Omer Attias, a security researcher at SafeBreach, said he found three vulnerabilities in the Moovit app, which allowed him to collect new Moovit user’s registration information from all over the world — including cell phone numbers, email addresses, home addresses, and the last four digits of credit cards. Worst of all, the bugs could have allowed him to take over other people’s accounts, and consequently their credit cards, to pay for his own rides.
This whole chain of exploits could have been performed without the target ever finding out, apart from seeing unwanted charges on their credit card. Attias called it “the perfect attack.”
Have more mobility news that we should be reading and sharing? Let us know! Reach out to Sage Kashner (kashner@ctaa.org).
Please confirm you want to block this member.
You will no longer be able to:
Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.