Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users.
EasyPark is a Swedish company that creates mobile and web apps that serve as parking space locators, booking managers, and EV charging point finders.
The company operates digital parking services in 20 countries and over 4,000 cities, covering most of Europe, the United States, Australia, New Zealand, and the UK. The EasyPark app has over 10 million downloads on Google Play, while its other apps, RingGo and ParkMobile, have 5 million installs each.
As reported by BleepingComputer, ParkMobile disclosed a massive data breach in 2021 that exposed the stolen data for 21 million customers.
This database was subsequently released for free on a hacking forum.
Although a firm spokesperson has declined to provide details about this new breach and how many customers were impacted, they told BleepingComputer that a portion of European users had been affected, indicating that the incident concerns mainly EasyPark app users.
The above could help cybercriminals launch effective phishing attacks against the exposed EasyPark users, which the company warns explicitly about in the data breach notice.
The company clarifies that the disclosed data does not pose a risk for executing unauthorized transactions, and no such activities have resulted from the cybersecurity incident.
At this time, the app's services continue to be accessible as normal, while EasyPark's security team is implementing additional security and privacy measures to ensure that the adverse effects of the incident have been contained.
The data protection authorities in Sweden, the United Kingdom, and Switzerland have been notified about the incident.
As a precaution, and since the nature of the cybersecurity incident remains undisclosed, it would be prudent for all users to reset their account passwords and do the same on all online platforms where they might be using the same credentials.
At the time of writing, no ransomware groups have taken responsibility for an attack on EasyPark.
Threat actors have already started looking for the stolen data in hacking forum posts seen by BleepingComputer.
Toyota warns customers of data breach exposing personal, financial info.
Kroll reveals FTX customer info exposed in August data breach.
Panasonic discloses data breach after December 2022 cyberattack.
Mortgage firm LoanCare warns 1.3 million people of data breach.
Yakult Australia confirms 'cyber incident' after 95 GB data leak.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 28 Dec 2023 19:40:23 +0000