[BreachExchange] Hacker attacks Copenhagen’s Bycyklen, deletes entire database

Audrey McNeil audrey at riskbasedsecurity.com
Wed May 9 18:54:52 EDT 2018


Bycyklen, Copenhagen’s public bike-sharing system, announced on Saturday
that their entire database was erased in a hack by unknown hackers on the
night between Friday and Saturday, causing their systems to be out of
operation on Saturday.

“The manner in which the attack was performed is really primitive, but
demonstrates that it was done by a person with a high level of knowledge of
the IT structure of our system, and at the same time, we can see that the
person(s) have entered using a password,” Bycyklen wrote in a Facebook post
on Sunday, 6 May.

All of the organisation’s 1,860 bikes were affected by the hack, which had
to be manually restored by Bycyklen staff, out of which only 200 were able
to be restored by the organisation’s staff on Sunday.

The system works by using Android tablets attached to the bikes that
connect to Bycyklen’s database to record the details of bikes spread across
the city. Due to the erasure of the database, users were unable to unlock
the bikes, and the staff had to manually reboot the Android tablets after
tracking down the bikes.

The organisation launched a “treasure hunt” to track down the bicycles for
the same, offering users an hour of free riding time as a reward for
finding one.

In an update posted on its website on Monday, Bycyklen assured users that
after analysing their servers, there have been “no signs that we have lost

“The attack has been aimed directly at our business, not our users,” the
company wrote. “We do not store payment card information. The only
information we keep is our users' email addresses, phone numbers and their
PIN codes for the Bycyklen bikes. In our databases we use "salted password
hashing", that is, all PINs are encrypted and cannot be read or recreated,
neither by Bycyklen nor any other player."

Currently active bicycles can be found using the organisation’s “Find a
bike” page.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180509/e429583f/attachment.html>

More information about the BreachExchange mailing list