Bicycle sharing company Obike has been found to have leaked user information over insecure connections. The company has since closed the security flaw, but the fact remains that private information was exposed to the public for an undetermined amount of time.
The security flaw was centered on Obike’s social media functions, particularly the one that allows users to share trip details with friends and family. This feature was supposed to show only location data. However, investigators from German broadcaster Bayerischer Rundfunk (BR) discovered that it also contained information like phone numbers, email addresses, and profile photos.
This data leak didn’t only affect German customers, as the findings also included user data from places like Great Britain, Singapore, and Malaysia.
It’s unclear how long the vulnerability was left open. BR says that it found a report from security experts in Taiwan highlighting the problem in June 2017. The Taiwanese experts had reported the problem, but appear to have been ignored. However, Obike took swift action when reporters from BR raised the matter with the company.
There’s no evidence that cybercriminals have harvested information from this leak, but that isn’t to say that it hasn’t happened.
[Source: Bayerischer Rundfunk]