Skip to main content

Whoooosh!...even urban shared-mobility steals your personal data

 That's only one report yesterday

www.bleepingcomputer.com

Whoosh confirms data breach after hackers sell 7.2M user records

Bill Toulas
7 - 9 minutes

Whoosh

"The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum.

Whoosh is Russia's leading urban mobility service platform, operating in 40 cities with over 75,000 scooters.

On Friday, a threat actor began selling the stolen data on a hacking forum, which allegedly contains promotion codes that can be used to access the service for free, as well as partial user identification and payment card data. . .

In a new statement shared with RIA Novosti today, Whoosh admits that there is a data leak and informs its user base they are working with law enforcement authorities to take all mea insures to stop the distribution of the data.

"The leak did not affect sensitive user data, such as account access, transaction information, or travel details," stated a Whoosh spokesperson.

"Our security procedures also exclude the possibility of third parties gaining access to full payment data of users' bank cards."

What's for sale

On Friday, a user on the 'Breached' hacking forums posted a database containing details about 7.2 millionWhoosh customers, including email addresses, phone numbers, and first names.

Sale of Woosh data on Breached
Sale of Woosh data on Breached forums (BleepingComputer)

The database also contained partial payment card details for a subset of 1,900,000 users.

The seller also claimed that the stolen data included 3,000,000 promo codes, which people can use to rent Whoosh scooters without paying.

The seller says they are selling the data to only five buyers for $4,200 each, or .21490980 bitcoins, and according to the SatoshiDisk platform used for the transaction, no one has yet to purchase the database.

SatoshiDisk sale
SatoshiDisk sale stats (BleepingComputer)

In a separate sale of the data on Telegram, the threat actor claims it was stolen during a November 2022 attack on Whoosh.

Russian database leaks

According to an August 2022 report from Roskomnadzor, Russia's internet watchdog, there were 40 confirmed Russian company data breaches since the beginning of the year.

In September 2022, Group-IB published a report claiming to have observed 140 database sales stolen from Russian companies this summer alone, with the total number of exposed records reaching 304 million.

The most notable leak, in terms of its impact this year, was that of the food delivery app Yandex Food, which led to multiple collateral data exposures." 

Related Articles:

MyDeal data breach impacts 2.2M users, stolen data for sale online

Russian retail chain 'DNS' confirms hack after data leaked online

Optus hacker apologizes and allegedly deletes all stolen data

Canadian food retail giant Sobeys hit by Black Basta ransomware

Ukraine says Russian hacktivists use new Somnia ransomware

LATEST ARTICLES

 

  • Hacker cyberattack
    Security

    North Korean hackers target European orgs with updated malware

    North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America.

  • MacBook Air
    Deals

    Upgrade your Mac with this premium limited edition bundle

    Whether it's your backup or your primary machine, this limited edition Mac bundle includes Microsoft Office and 6 other programs for $59.99, 96% off the $1,516 MSRP.

    • BleepingComputer Deals
    • November 15, 2022
    • 02:08 PM
    • Comment Count 0
  • Windows 10
    Microsoft

    Windows 10 KB5020030 preview update released with ten improvements

    Microsoft has released this month's optional KB5020030 Preview cumulative update for all editions of Windows 10 20H2, 21H1, 21H2, and 22H2.

  • android
    Security, Google

    Google to roll out Privacy Sandbox on Android 13 starting early 2023

    Google announced today that they will begin rolling out the Privacy Sandbox system on a limited number of Android 13 devices starting in early 2023.

  • Backstage
    Security

    Researchers release exploit details for Backstage pre-auth RCE bug

    Older versions of the Spotify Backstage development portal builder are vulnerable to a critical (CVSS score: 9.8) unauthenticated remote code execution flaw allowing attackers to run commands on publicly exposed systems.

  • MFA Fatigue attacks are putting your organization at risk
    Security
    Sponsored Content

    MFA Fatigue attacks are putting your organization at risk

    A common threat targeting businesses is MFA fatigue attacksā€”a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts. This article includes some measures you can implement to prevent these types of attacks.

  • Costco
    Deals

    Save on time and everyday items with a Costco membership deal

    To help you free up more time in the day and ways to maximize our budget, this Costco Gold Star Membership helps you manage those changes and cut down on errands for $60.

    • BleepingComputer Deals
    • November 15, 2022
    • 07:17 AM
    • Comment Count 0
  • china hacker
    Security

    Chinese hackers target government agencies and defense orgs

    The Chinese espionage APT (advanced persistent threat), tracked as 'Billbug' (aka Thrip, or Lotus Blossom), is currently running a 2022 campaign targeting government agencies and defense organizations in multiple Asian countries.


    • Comments

    Post a Comment

    Popular posts from this blog

    World Defense News

    Flash News: Ukraine Intercepts Russian Kh-59 Cruise Missile Using US VAMPIRE Air Defense System Mounted on Boat. Ukrainian forces have made a major breakthrough in their air defense strategy, successfully intercepting and destroying a Russian Kh-59 cruise missile over the Black Sea with the newly deployed U.S. L3Harris VAMPIRE Surface-to-Air Missile (SAM) system mounted on a high-speed boat.  This marks the first operational use of the VAMPIRE SAM system to intercept a cruise missile, representing a significant leap forward in Ukraine's capability to counter advanced airborne threats.  The achievement was reported on January 25, 2025, via the X account of Clash Report.  Read News Russia - Ukraine War at this link ... Ukrainian forces fire with the US-supplied VAMPIRE SAM system from a high-speed boat, successfully intercepting a Russian Kh-59 cruise missile over the Black Sea in response to an airstrike threat. Screenshot from the video published on the Clash Report X acc...
    Post a Comment
    Click here to Read more Ā»

    Trump Inauguration Acts Have Been Announced!

    The committee planning Trumpā€™s inaugural ceremonies released a schedule Monday of four days of events centered around the Jan. 20th swearing-in ceremony, which Biden is planning to attend. ā€œPresident Trump is dedicated to uniting the country through the strength, security, and opportunity of his America First agenda,ā€ Steve Witkoff and Kelly Loeffler, the co-chairs of the inaugural committee, said in a statement. . . The Republican's Inauguration Day plans include tea at the White House, the swearing-in ceremony at the Capitol, a congressional luncheon, a parade on Pennsylvania Avenue and a trio of balls. Village People and Carrie Underwood to perform at Trump's inauguration events. . . Other inauguration ceremony performers will include two of the president-electā€™s musical favorites, country singer Lee Greenwood and opera singer Christopher Macchio. Euronews.com 49 minutes ago Search inside image Village People and Carrie Underwood to perform at Trump's inauguration events...
    Post a Comment
    Click here to Read more Ā»

    Zelenskyy ā€˜a beggar and blackmailerā€™ ā€“ EU stateā€™s PM

    11 Jan, 2025 19:21 Home World News The Ukrainian leader needs to stop asking other people for money, Slovakiaā€™s Robert Fico has said Vladimir Zelensky looks on during a joint press conference with European Council President Antonio Costa in Kiev, Ukraine, December 1, 2024  Ā©   Getty Images / Nikoletta Stoyanova ISNA News Agency 6 days ago Search inside image Slovakia's PM: Zelensky a beggar and blackmailer - ISNA Slovak Prime Minister Robert Fico has lashed out at Vladimir Zelensky, declaring that the Ukrainian leaderā€™s  ā€œbegging and blackmailingā€  needs  ā€œto stop.ā€  Relations between Bratislava and Kiev soured when Ukraine cut off the flow of Russian gas earlier this month. ā€œIā€™m not here to hold hands with Zelensky, and Iā€™ll admit, Iā€™m sick of him sometimes,ā€  Fico said at a meeting of the Slovak parliamentā€™s foreign affairs committee on Friday. ā€œHe roams Europe begging and blackmailing, asking others for money,ā€  Fico continued, adding:...
    Post a Comment
    Click here to Read more Ā»