Taxi software firm breach exposes details of over 300,000 passengers
iCabbi database unprotected online, leaving users exposed
An unprotected database containing the sensitive information of over 300,000 taxi passengers in the UK and Ireland has been discovered online.
Cybersecurity researcher Jeremiah Fowler discovered the unprotected database belonging to Dublin-based firm iCabbi, which maintains a taxi dispatch system in the cloud.
The database was not password protected, meaning virtually anyone could have accessed it. It contained over 20,000 records, including Personally Identifiable Information (PII) such as names, emails, and phone numbers of customers.
Quick fix
As well as the usual Gmail and Yahoo addresses, the researcher also found email addresses belonging to well-known organizations, such as the BBC, government agencies, and universities.
The researcher claims to have immediately notified iCabbi of the leaking database, and the firm restricted public access the day after. The researcher was able to access the database without needing any confidential credentials or performing any form of hacking: it was open for anyone with a public internet connection to see.
The researcher believes the database "appeared to be a content management storage repository for documents used by the application, such as terms and conditions files and spreadsheets with customer data."
After the researcher disclosed the data leak, a representative from iCabbi said the company had deleted the records, adding, "Human error to blame here unfortunately... part of a migration of customers but we should not be using public folders. We are going to engage with customers to make them aware of this breach."
Unprotected databases are a common and entirely preventable problem. Recently, Microsoft was found to be leaking employee and company data on an unsecured database. It exposed corporate user credentials, meaning hackers could have breached internal systems and caused all kinds of damage.
Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.