What is the issue?
Transport for London disclosed that a few online Oyster travel smartcard accounts have been compromised in a credential stuffing attack.
What happened?
Attackers accessed customers’ Oyster accounts using a list of stolen usernames and passwords obtained from other sources.
Due to this incident, users faced issues while accessing their online accounts. Upon learning of the incident, TfL launched an investigation to determine its source and extent.
Meanwhile, the UK capital's transport authority noted that the incident occurred because users had reused, for their Oyster accounts, login credentials that they also used on one or more hacked websites.
What is the impact?
What actions were taken?
“While this is a very small proportion of our 6 million online Oyster card account holders, we want to be absolutely safe and to protect our customers’ accounts so have temporarily suspended online contactless and Oyster accounts while we put additional security measures in place,” Transport for London told The Register.