Bugs in transportation app Moovit gave hackers free rides

  • Date: 08/13/2023

Hackers could have hijacked the user accounts of a popular transportation app and used them to get free rides and access people’s personal information, according to a security researcher.

Omer Attias, a security researcher at SafeBreach, said he found three vulnerabilities in the Moovit app, which allowed him to collect new Moovit user’s registration information from all over the world — including cell phone numbers, email addresses, home addresses, and the last four digits of credit cards. Worst of all, the bugs could have allowed him to take over other people’s accounts, and consequently their credit cards, to pay for his own rides.

This whole chain of exploits could have been performed without the target ever finding out, apart from seeing unwanted charges on their credit card. Attias called it “the perfect attack.”

Open Article


We’d love to hear from you!

Have more mobility news that we should be reading and sharing? Let us know! Reach out to Sage Kashner (kashner@ctaa.org).

Skip to toolbar