The Lithuanian police are currently investigating the leakage of data from the City Bee customer database, which resulted in hackers obtaining 110,000 people's personal data. Five members of the government and the mayor of Vilnius are also among them. Hackers are allegedly attempting to sell the stolen data for 1000 bitcoins on the so-called dark web.
The subsidiary company of the City Bee brand also operates in Latvia, and there are around 140 thousand people using its services.
Both Latvian and Lithuanian companies store customer data on a single server. However, according to the local City Bee, Latvian user data are safe.
In Lithuania, hackers managed to obtain a backup copy of the database which was created in 2018, when City Bee had not even started in Latvia.
“Those data that have been leaked or stolen are those who registered until February 22, 2018. In Latvia, we started operations in January 2019. Consequently, those who have registered with us have not been affected at all,” said Egija Gailuma, head of City Bee Latvija.
However, the company has reports that there are also several Latvian residents who have used City Bee services in Lithuania before February 2018.
Hackers have managed to obtain users' names, surnames, personal identification numbers, e-mail addresses, user names and passwords, possibly including telephone numbers and copies of driver's licenses, but not credit card data, so bank accounts will not be accessed.
But the leaked information can be used to carry out so-called “access data attacks.” Namely, access the accounts of these people in other services, because users often use similar user names and passwords. Therefore, City Bee recommends that customers change access data and use different passwords in different apps.