Park-N-Fly And OneStopParking Confirm Suspected Breaches

(sfxeric)

(sfxeric)

After looking at the transactions on compromised credit cards, security experts at banks suspected that breaches may have occurred at two airport parking companies: the suspected breaches at Park-N-Fly and OneStopParking. Both companies have since confirmed that they were breached, but that doesn’t mean that the same person or group targeted both companies.

Park-N-Fly issued a statement on Tuesday about their breach, where card numbers and other customer information stolen included other information that is part of customers’ accounts with the company, including e-mail addresses and passwords. If you tend to use the same password everywhere and you’ve made an online Park-N-Fly reservation, time to change your password and also to rethink that strategy.

Here’s the relevant statement, as posted on the company’s website:

While the investigation is ongoing, it has been determined that the security of some data from certain payment cards that were used to make reservations through PNF’s e-commerce website is at risk. The data potentially at risk includes the card number, cardholder’s name and billing address, card expiration date, and CVV code. Other loyalty customer data potentially at risk includes email addresses, Park ‘N Fly passwords, and telephone numbers

.

OneStopParking confirmed the breach on their site, which occurred when hackers found a weak spot in the software that powers the company’s site, Joomla. Unfortunately for them, a patch existed for this specific vulnerability months before the break-in, and the site’s manager told Krebs on Security that the patch caused problems with their site, so they didn’t install it.

Card numbers from both breaches showed up in the same online marketplace, part of the surprisingly normal-seeming marketplaces where credit card numbers are sold.

Park ‘N Fly, OneStopParking Confirm Breaches [Krebs on Security]