Following a cyberattack against Île-de-France Mobilités, the email addresses and passwords of thousands of Ile-de-France public transport users were stolen, compromising their accounts.
Bad times for French users! After Pôle emploi and Engie, it is the turn of Île-de-France Mobilités (IDFM), which organizes and finances transport in the Paris region, to get hacked. The regional transport authority indicated on Friday October 6 that its Île-de-France Mobilités Connect service, which allows users to manage their packages and contracts, their purchases and reloading of tickets, their route searches, as well as that their carpooling trip reservations on Île-de-France Mobilités partner applications, was the victim of a hacking attempt. “The attacker fraudulently collected around 4,000 active email addresses and passwords from the web, which he used to log in to the accounts”explains the Île-de-France transport union in a statement. Very bad news, as Ile-de-France residents make 9.4 million trips every day across the region’s 1,500 bus lines, 14 metro lines, 9 tram lines and 13 train and RER lines.
IDF Mobilités Connect hacking: thousands of identifiers stolen
IDF Mobilité indicates that it has “was notified on October 4 of the attack”that its service provider responsible for securing payments and transactions Worldline has “noted on October 2”. IDFM asked the latter “to take the necessary technical measures to put an end to this attempt and if necessary, to take any additional measures to strengthen security”. However, it does not indicate the day of the attack, nor the time between data collection and intrusion attempts. It also does not specify whether the accounts, whose passwords were hacked, were then used fraudulently or not.
The organization contacted the affected users via a standard letter, informing them that they would receive an email asking them to reset their password, and inviting them to do so. “without delay” – be careful, you must not forget to also modify those of the different accounts using the same one. As required by procedure, IDFM filed a complaint with the public prosecutor for fraudulent data collection. It has also notified the National Commission for Information Technology and Liberties (CNIL) of this personal data breach and will keep it informed of developments in the situation.