Attackers defaced the website of the Luas, the home page displayed a message demanding the payment of 1 bitcoin. The hackers asked the payment within 5 days threatening to “publish all data and send emails to users” if the demand is not satisfied.
“Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button,” reads the message left by the attackers on the website.
Luas initially warned customers of the hack and invited them to avoid accessing the website “due to an ongoing issue,” the organization later confirmed that the website was compromised.
At the time of writing, the website of the Luas is still offline. the analysis of the bitcoin address provided by the attackers confirmed that
It is not clear if the hackers have stolen data, Luas only collect some specific customers’ data, including name, mobile phone number, and email address.
The compromised site doesn’t contain financial data because customers buy tickets on a different website (payments[.]luas.ie) that was not affected by the hack.
In 2016, another public transport system was hacked,
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – defacement, hacking)
[adrotate banner=”5″] [adrotate banner=”13″]