We’ve got another popular and very commonplace smartphone app to add the list of apps and services that have either been hacked or suffered a data breach so far in 2021. This time it’s ParkMobile, an app that’s pretty popular across North America (operating in more than 450 cities) that lets you find and pay for parking spaces using the app or online.
Information about the breach comes from cybersecurity-focused investigative reporter Brian Krebs, who’s reported that someone is selling account information for 21 million customers of the app and that the stolen data includes email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords — basically, all the personal details on individuals that hackers could have a field day with. ParkMobile published its own notification about this incident for consumers first back at the end of March, and then it shared another update late last week with details about the data breach, which you can check out below.
Basically, the service attributed the data breach to a vulnerability in third-party software that it uses. And among the findings of ParkMobile’s internal investigation, according to the company:
No customer credit card was apparently accessed as part of this data breach, nor any data related to customers’ parking transaction history. “Only basic user information was accessed,” the company says. “This includes license plate numbers, as well as email addresses, phone numbers, and vehicle nicknames if provided by the user. In a small percentage of cases, mailing addresses were also affected.” Encrypted passwords were also accessed, but not the encryption keys required to read them.
If you want to change your password, go to the “Settings” section on the ParkMobile app or on the web by clicking here. And as we’ve previously noted in earlier run-downs of data breaches that involve hackers grabbing email addresses and passwords, here’s a reminder of some best practices to keep in mind in order to keep your password to this and other accounts secure:
- Use 2-factor authentication whenever and wherever you’re given the option.
- Use a long, hard-to-guess password with a mix of letters, numbers, and special characters, and change it regularly going forward.
- And use a solid password manager service to protect your accounts.
Not that there’s any good time for this to happen to a company, but this probably couldn’t come at a worse time for ParkMobile. In early March, the EasyPark parking group out of Europe announced plans to acquire the company. Of course, the 21 million customers potentially exposed in ParkMobile’s data breach certainly pales in comparison to some of the other similar incidents we’ve written about recently, including the users caught up in what you could argue is the mother of all data breaches thus far.
In February, more than 3.2 billion email-and-password combos were posted online, as part of what became known as the Compilation of Many Breaches (or COMB, for short). Thanks to reporting from CyberNews, we learned that this batch of information is a compilation of many different data breaches, meaning the posting is not the result of a new hack or incident. All the more reason why it’s so important to keep your accounts secure and use hard-to-guess, secure passwords everywhere you can.