Blink Mobility car sharing service exposes customers via data leak
Take action: It's very unfortunate to expose an unprotected database on the internet. It's a lot worse to not be able to lock it down for two days after the issue is reported.
Blink Mobility, a Los Angeles-based provider of electric car-sharing services, inadvertently exposed a misconfigured MongoDB database to public access, leading to a significant data breach.
The database was discovered on October 17th. Its metadata had been indexed by search engines, making the data accessible to anyone with a MongoDB viewer. The database contained over 181,000 records related to car rentals and the personally identifiable information (PII) of more than 22,000 Blink Mobility customers and administrators.
Researchers who found the database reported the incident to Blink Mobility. It took two days after the report for the database to be secured and made inaccessible to the public. Blink Mobility has not commented in more detail.
The breach is particularly concerning given that PII from car rental companies is highly sought after by black-hat hackers and often traded on dark web marketplaces. The leaked data could enable identity theft, phishing attacks, unauthorized account access, and other malicious activities.