Anonymous Hacks BART: Releases User Database
Another high-profile hack this weekend, as the San Francisco BART (Bay Area Rapid Transit) transport authority confirms that "at least 2,400" of its 55k strong member database has been compromised, with hacking collective Anonymous claiming responsibility. Names, emails and passwords – as well as potentially phone numbers and addresses – have been snatched, with the BART site – and services that rely on the transit data it publishes – sluggish on Sunday under an ongoing assault.
The upside is that no financial information is stored about each BART user, so those believing themselves to be affected will not have to cancel their credit cards. However, the organization warns that members should be wary of potential phone or mail scams, since their details are potentially in the wild now.
"BART has proved multiple times that they have no problem exploiting and abusing the people.
First they displayed this by the two recent killings by BART police. Under no circumstance, unless police are shot at,
make police killings acceptable. Non-lethal weapons were available to use during both incidents,
providing even that was necessary, but instead they shot to kill. Next they violated the people's right to assembly and prevented
other bystanders from using emergency services by blocking cell phone signals in order to stop a protest against the BART police murders.
Lastly, they set up this website called mybart.gov and they stored their members information with virtually no security.
The data was stored and easily obtainable via basic sqli. Any 8 year old with a internet connection
could have done what we did to find it. On top of that none of the info, including the passwords,
was encrypted. It is obvious BART does no give a f*** about its customers, funders and tax payers,THE PEOPLE." Anonymous statement
According to a statement release by Anonymous, the hack was in protest over recent shootings by BART police, as well as to highlight the lax security that had been used in the member information database. None of the data had been encrypted, including passwords. "We apologize to any citizen that has his information published" the hackers conclude, "but you should go to BART and ask them why your information wasn't secure with them."