Breach Brief – ParkMobile

Breach Brief – ParkMobile

Parking in any large city is a serious challenge nowadays. Most of the time you gotta pay. And most of the time you are using the ParkMobile app. And now the information you shared with the one of nation’s largest parking apps has been stolen.

According to KrebsOnSecurity.com somebody has offered for sale the account information for 21 million ParkMobile customers.  The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

News of the breach came from New York based Gemini Advisory, a threat intelligence firm that monitors cyber crime forums. Gemini spotted a new sales thread on a Russian-language crime forum that included ParkMobile account information with accompanying screenshot of the stolen data.

When asked about the sales thread, Atlanta-based ParkMobile said the company published a notification on Mar. 26 about “a cybersecurity incident linked to a vulnerability in a third-party software that we use.”

“In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident,” the notice reads. “Out of an abundance of caution, we have also notified the appropriate law enforcement authorities. The investigation is ongoing, and we are limited in the details we can provide at this time.”

ParkMobile issued a statement saying; “Our investigation indicates that no sensitive data or Payment Card Information, which we encrypt, was affected. Meanwhile, we have taken additional precautionary steps since learning of the incident, including eliminating the third-party vulnerability, maintaining our security, and continuing to monitor our systems.”