It became known that on the night of February 15-16 in Lithuania, the data of about 110 thousand customers of the local car rental service CityBee was stolen.
The information was published on one of the forums of cyber hackers.
"On the night of February 15-16, cybercriminals posted a message on a foreign-registered forum that they had not only the names and personal codes of some CityBee customers, as previously announced, but also phone numbers, email addresses, residential addresses, driver's license numbers and encrypted passwords," said CityBee.
Experts reported that, according to available information, passwords are provided in the SHA1 format without additional security criteria (salt), so they can be guessed automatically and used for unauthorized access.
The company noted that the data is already three years old — and their theft will not affect the security of CityBee customers, since the organization does not store information about payment methods. However, CityBee representatives still asked customers who registered in the system before February 22, 2018, to change their passwords if they used the same or similar password.
According to the Minister of Justice Agnė Širinskienė, such personal data can be used very widely. Especially in the case of international crimes.
"For example, illegal immigration from third countries often occurs with the use of fake documents. Let's just think about how a citizen of a third country X can easily move around the EU with the personal data of a CityBee customer in a fake passport. Now imagine that a resident of country X, who has personal documents filled out with CityBee customer data, is involved in the arms trade, the organization of a terrorist network in Europe, and is suspected of money laundering... while the client of CityBee, the "owner" of the identity, is flying to the Maldives on vacation," Širinskienė gave an example.
CityBee has launched an investigation to find out how customer data was stolen.
The police are conducting a pre-trial investigation.