Whoosh, a Russian electric scooter rental service, has confirmed a data breach that accessed 7.2 million user records. According to Bleeping Computer, the hackers sold the stolen records. The scooter-sharing service is actively operating in around 40 cities, and around 70,000 scooters are in circulation.
Stolen Customer Information
The hacker started selling the stolen data from Whoosh through a hacking forum. Among the information up for purchase were promotion codes, which can be used to access the rental scooter without charge. It was also reported user identification and payment card data, albeit incomplete, were also being sold.
Whoosh already released a statement through Russian media in early November, stating that the issue has been resolved by its IT experts. However, this doesn't change the fact that the hacker has already stolen user data. The company is already working with the proper authorities to prevent further publication and sale of stolen information.
In the statement, the company spokesperson mentioned that the leak did not affect sensitive user data. These include account access, transaction information, or travel details. They also mentioned that the security procedures make it impossible for third parties to gain access to users' bank cards.
Selling the Stolen Data
A user took to hacking forums and published a database containing the stolen data. In the post were Whoosh customers' first names, phone numbers, and email addresses. Around 1.9 million users had the partial details of their payment cards released as well. Around three million promo codes were also posted by the seller, which allows people to bypass any sort of payment when they use the scooters.
It has been confirmed by the seller that the data up for grabs were from the November 2022 breach, which was mentioned in a sale through Telegram. Reports say there have been five buyers, and the leaked data was being sold for $4,200 or .21490980 bitcoins each. As mentioned by the SatoshiDisk platform where transactions took place, there have been no purchases yet.
How Do I Use Whoosh?
Like other rental services, they also have an app. You can register using a phone number, email, and adding a payemnt card. One of the perks with the service is that it doesn't have a reservation fee, but if you do not use the scooter within ten minutes, it will made available to others again. Through the app, you may find a scooter closest to you, where you can view its battery percentage and ride rate.
Once you get to the scooter, you can scan the QR code that can be seen on the handlebars. If you've reached your destiantion, you can search the app for parking areas near you. You can view the map and look for a "P." Although it's not as precise, you will still find it when you look around a bit more. If you still can't find it, juts press the scooter icon on the map, and it will beep and flash its headlights.
If you need to enter a building but will use the scooter for later, you can press the lock icon in the app. This locks the wheels, making it impossibe for others to take it. You can easily unlock it via the app once you need to use it again, as mentioned in the Whoosh website.