iCabbi Database Exposes Information of 300,000 Taxi Passengers in UK

Cybersecurity researcher Jeremiah Fowler has uncovered a concerning security lapse, revealing that a non-password-protected database containing sensitive information of approximately 300,000 taxi passengers in the UK and Ireland was left exposed. The discovery, brought to light by Jeremiah Fowler and reported to vpnMentor, has raised significant privacy concerns.
iCabbi cyber securityThe exposed database, comprising 22,745 records in .csv format, included names, phone numbers, and email addresses of the affected passengers. Among the compromised email addresses were those from popular providers such as Gmail, Hotmail, Yahoo, iCloud, and Outlook. Notably, email addresses belonging to entities like media outlets, government agencies, and universities were also found within the dataset.

Further investigation revealed that the data belonged to iCabbi, a Dublin-based company specializing in dispatch and fleet management technology for taxi services. Upon notification of the security breach, Fowler promptly notified iCabbi, leading to the swift restriction of public access to the exposed data. However, it remains uncertain how long the information had been vulnerable or whether unauthorized parties accessed it.

The exposed database appeared to serve as a repository for various documents utilized by the iCabbi application, including customer data and operational files. Jeremiah Fowler emphasized that while he conducted a limited review to ensure responsible disclosure, he refrained from downloading or extracting any data beyond publicly accessible documents.

In response to Jeremiah Fowler’s disclosure, an iCabbi representative acknowledged the oversight, attributing it to human error during a customer migration process. They assured that corrective measures had been taken, including the deletion of the exposed records and plans to enhance customer awareness regarding the breach.

Established in 2009, iCabbi, owned by the Exel Technology Group, boasts a significant presence in the taxi industry, offering dispatch systems, passenger and driver applications, IVR phone systems, payment solutions, APIs, and a partner marketplace across 15 countries. While the exposed records pertained solely to individuals in the UK and Ireland, iCabbi’s technology aims to modernize taxi services globally.

Despite the swift remedial actions taken, concerns regarding the potential misuse of the exposed data persist. Jeremiah Fowler highlighted the risk of targeted phishing campaigns and other cyber threats, urging affected individuals to remain vigilant and verify the legitimacy of communications.

While iCabbi has addressed the immediate security lapse, the incident underscores the ongoing need for robust cybersecurity measures, particularly in industries handling sensitive customer information. Jeremiah Fowler said proactive measures such as two-factor authentication can significantly mitigate the risk of unauthorized access and data breaches.

Baburajan Kizhakedath

Related News

Latest News

Latest News