SoylentNews is people
SoylentNews
Transport for London's online Oyster travel smartcard system has been accessed by miscreants using stolen customer login credentials, The Reg can reveal, forcing IT bods to pull the website offline for a second day.
The UK capital's transport authority has blamed the intrusions on passengers who have used email address and password combinations for their Oyster accounts that were also used for one or more hacked websites: criminals who have nicked login details from other sites can use that information to get into the Oyster accounts of people who reuse the same usernames and passwords everywhere. This technique is known as credential stuffing.
A TfL spokesperson told us: "We believe that a small number of customers have had their Oyster online account accessed after their login credentials were compromised when using non-TfL websites. No customer payment details have been accessed, but as a precautionary measure and to protect our customers' data, we have temporarily closed online contactless and Oyster accounts while we put additional security measures in place."
(Score: 0) by Anonymous Coward on Saturday August 10 2019, @01:13PM
Yep. Fundamentally these cards are all the same as debit cards issued by a bank. The bank that issues them is just some subsidiary in the middle of nowhere charging $5 for the card (and $3-5 every time you refill) and scraping up the leftover few cents when you stop using it.